group_by
Description
Grouping/partitioning in which to process data. This establishes a grouping to use for aggregate verbs like timechart and establishes grouping for window functions when used inside the window() function.
Return type
grouping
Domain
This is a scalar function (calculates a single output value for a single input row).
Categories
Usage
group_by([ grouping_1, grouping_2, ... ])
Argument | Type | Optional | Repeatable | Restrictions |
---|---|---|---|---|
grouping | storable | yes | yes | column |
Examples
timechart 1m, count: count(1), group_by(clusterUid)
Computes the number of events for each cluster in every minute.
timechart 1m, count: count(1), group_by(clusterUid: tags.clusterUid)
First extracts the tags.clusterUid field into the clusterUid column, then computes the number of events for each cluster in every minute. Both the clusterUid column and the count column will be kept in the result.
timechart 1m, count: count(1), group_by(tags.clusterUid)
When an expression is specified without an explicit column name, a derived column name is used instead. In this case, clusterUid will be the derived column name, and the tags.clusterUid field will be extracted into the clusterUid column. Then it will compute the number of events for each cluster in every minute. Both the clusterUid column and the count column will be kept in the result.
make_col count:window(count(1), group_by(nodeName), frame(back:5m))
Each row will be given a new column count which contains a count of the number of rows with the same nodeName value within the last five minutes. For more information, see window() and frame().
Aliases
groupby (deprecated)