distinct

Description

The distinct command returns one document per unique value (or combination of values) for the given expressions. It is particularly useful for reporting or identifying unique entities within a dataset.

Functionally, it behaves like a lightweight groupby without any aggregation functions—simply collapsing duplicates and returning the first occurrence of each distinct value.

Note

Use distinct when you want a list of unique keys, not an aggregate summary.

Syntax

distinct <expression> [as <alias>] [, <expression_2> [as <alias_2>], ...]

Example

Use case: Generate a list of unique active users

Suppose your logs contain multiple entries per user as they interact with your system. You can use distinct to produce a clean list of unique usernames for reporting or activity tracking.

Example data

{ "username": "Chris", "action": "login" },
{ "username": "Chris", "action": "upload" },
{ "username": "Dave", "action": "login" },
{ "username": "Maria", "action": "logout" },
{ "username": "Maria", "action": "login" }

Example query

source logs
| filter username != null
| distinct username as active_users

Example output

active_users
Chris
Dave
Maria

The distinct command collapses repeated usernames into a single record for each, creating a clear list of active users.
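
The query above uses a single expression. The following added example (Python, not part of the original documentation and not the query engine's own code) models distinct for one expression with an alias and for a combination of two expressions. It assumes scalar field values and that output rows carry only the listed expressions, as in the example output; the last two sample rows are constructed.

```python
# Reference model of the distinct semantics described on this page.
# Assumption: output rows contain only the listed expressions (as in the
# example output above); this is not the query engine's implementation.

LOGS = [
    {"username": "Chris", "action": "login"},
    {"username": "Chris", "action": "upload"},
    {"username": "Dave", "action": "login"},
    {"username": "Maria", "action": "logout"},
    {"username": "Maria", "action": "login"},
    {"username": "Chris", "action": "login"},  # constructed: repeated pair
    {"username": None, "action": "login"},     # constructed: null username
]


def distinct(docs, *exprs):
    """Return one row per unique combination of values, in first-seen order.

    Each expression is a field name, or a (field, alias) tuple for 'as'.
    """
    specs = [(e, e) if isinstance(e, str) else e for e in exprs]
    seen = set()
    out = []
    for doc in docs:
        # The key is the tuple of values for all listed expressions.
        key = tuple(doc.get(field) for field, _ in specs)
        if key in seen:
            continue  # duplicate combination: keep only the first occurrence
        seen.add(key)
        out.append({alias: value for (_, alias), value in zip(specs, key)})
    return out


def non_null_users(docs):
    # Models: filter username != null
    return [d for d in docs if d.get("username") is not None]


def active_users():
    # Models: distinct username as active_users
    return distinct(non_null_users(LOGS), ("username", "active_users"))


def user_actions():
    # Models: distinct username, action
    return distinct(non_null_users(LOGS), "username", "action")


if __name__ == "__main__":
    print(active_users())
    print(user_actions())
```

With two expressions, the repeated Chris/login row collapses, but Chris/login and Chris/upload remain separate rows because the combination differs.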