`aggregate`

Description

The aggregate command performs calculations across the entire working set of documents, producing summary statistics such as totals, averages, minimums, maximums, or counts. Unlike groupby, which splits data into multiple groups, aggregate computes results over the full dataset as a single group.

Multiple aggregation functions can be combined in one command to produce a single document containing several computed values.

Note

Aggregations are limited to 1000 buckets in a single operation.

Syntax

aggregate <aggregation_expression> [as <result_keypath>] [, <aggregation_expression_2> [as <result_keypath_2>], ...]

Example 1

Use case: Compute total count and maximum duration across all traces

Suppose you have a set of trace logs and you want to compute a few overall statistics, such as how many traces exist and the maximum request duration.

Example data

{ "duration": 340 },
{ "duration": 890 },
{ "duration": 1567 },
{ "duration": 102 }

Example query

aggregate count() as count, max($m.duration) as max_duration

Example output

count	max_duration
4	1567

The aggregate command computes metrics over the entire dataset rather than per group. In this case, it counts four total records and finds that the maximum duration observed is 1567.

Example 2

You can also perform a single aggregation:

Example query

aggregate count() as count

Example output

Which would return:
count
4

Previous timeshifted

Next block