Skip to content

aggregate - Perform aggregate calculations over documents

The aggregate command allows users to perform calculations over one or more keypaths. This enables the creation of statistics, like summations, averages, max, min, counts and much more.

Syntax

aggregate <aggregation_expression> [as <result_keypath>] [, <aggregation_expression_2> [as <result_keypath_2], ...]

Example - Basic usage

Using aggregate is straight forward. In its most basic form, aggregate can be used on its own to perform aggregations, for example:

aggregate count() as count

This will generate a single document of the form (assuming there were 25 documents in the result set to count):

{
    "count": 25
}

Example - Multiple aggregations at once

aggregate supports multiple aggregations in the same command, for example, we can run the following against our traces:

source spans
| aggregate count() as count, max($m.duration) as max_duration

This will result in the following document:

{
    "count": 25,
    "max_duration": 1567
}

Limitations

The aggregation limit is 1000 buckets.