group_by

Description

Specifies the grouping (partitioning) in which data is processed. This establishes the grouping for aggregate verbs like timechart, and for window functions when used inside the window() function.

Return type

grouping

Domain

This is a scalar function (calculates a single output value for a single input row).

Categories

Usage

group_by([ grouping_1, grouping_2, ... ])

| Argument | Type    | Optional | Repeatable | Restrictions |
|----------|---------|----------|------------|--------------|
| grouping | variant | yes      | yes        | column       |

Examples

timechart 1m, count: count(1), group_by(clusterUid)

Computes the number of events for each cluster in every minute.

timechart 1m, count: count(1), group_by(clusterUid: tags.clusterUid)

First extracts the tags.clusterUid field into the clusterUid column, then computes the number of events for each cluster in every minute. Both the clusterUid column and the count column will be kept in the result.

timechart 1m, count: count(1), group_by(tags.clusterUid)

When an expression is specified without an explicit column name, a derived column name is used instead. In this case, clusterUid will be the derived column name, and the tags.clusterUid field will be extracted into the clusterUid column. Then it will compute the number of events for each cluster in every minute. Both the clusterUid column and the count column will be kept in the result.

make_col count:window(count(1), group_by(nodeName), frame(back:5m))

Each row will be given a new column count which contains a count of the number of rows with the same nodeName value within the last five minutes. For more information, see window() and frame().
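
The difference between the timechart and window() examples above, modeled in Python as an added illustration (this is not OPAL and not Observe's code): with timechart, group_by collapses rows into one row per time bucket and group, while inside window() every input row is kept and gains a count column. The sample events, the function names, the bucket alignment and the inclusive frame boundaries are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events (not from the page): (timestamp, nodeName)
EVENTS = [
    (datetime(2024, 1, 1, 12, 0, 10), "node-a"),
    (datetime(2024, 1, 1, 12, 0, 40), "node-a"),
    (datetime(2024, 1, 1, 12, 0, 50), "node-b"),
    (datetime(2024, 1, 1, 12, 3, 0), "node-a"),
    (datetime(2024, 1, 1, 12, 5, 20), "node-a"),
    (datetime(2024, 1, 1, 12, 5, 30), "node-b"),
]


def timechart_count(events, bucket=timedelta(minutes=1)):
    """Model of: timechart 1m, count: count(1), group_by(nodeName).

    Aggregation: the result has one row per (bucket start, group) pair.
    """
    counts = Counter()
    for ts, node in events:
        # Assumption: buckets are aligned to whole multiples of the bucket size.
        start = datetime.min + ((ts - datetime.min) // bucket) * bucket
        counts[(start, node)] += 1
    return dict(counts)


def window_count(events, back=timedelta(minutes=5)):
    """Model of: make_col count:window(count(1), group_by(nodeName), frame(back:5m)).

    Windowing: every input row is kept and gains a count column.
    """
    rows = []
    for ts, node in events:
        # Assumption: the frame covers [ts - back, ts], both ends inclusive.
        n = sum(1 for t, g in events if g == node and ts - back <= t <= ts)
        rows.append((ts, node, n))
    return rows


if __name__ == "__main__":
    for key, value in sorted(timechart_count(EVENTS).items()):
        print("timechart", key[0].time(), key[1], value)
    for ts, node, n in window_count(EVENTS):
        print("window   ", ts.time(), node, n)
```
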

Aliases

groupby (deprecated)