| Category | Name | Description |
| --- | --- | --- |
| Aggregation function | arg_max | Returns the row where an expression evaluates to the maximum value. |
| Aggregation function | arg_min | Returns the row where an expression evaluates to the minimum value. |
| Aggregation function | avg | Returns an average value across the group. |
| Aggregation function | avgif | Calculates the average value of an expression in records for which the predicate evaluates to true. |
| Aggregation function | count | Returns a count of the group without/with a predicate. |
| Aggregation function | countif | Returns a count of rows for which the predicate evaluates to true. |
| Aggregation function | dcount | Returns an estimate for the number of distinct values that are taken by a scalar expression in the summary group. |
| Aggregation function | dcountif | Returns an estimate of the number of distinct values of an expression of rows for which the predicate evaluates to true. |
| Aggregation function | histogram | Returns a timeseries heatmap chart across the group. |
| Aggregation function | histogramif | Creates a histogram for rows where a condition evaluates to true. |
| Aggregation function | make_list_if | Creates a dynamic JSON object (array) of the values of an expression in the group for which the predicate evaluates to true. |
| Aggregation function | make_list | Creates a dynamic JSON object (array) of all the values of an expression in the group. |
| Aggregation function | make_set_if | Creates a dynamic JSON object (array) of the set of distinct values that an expression takes in records for which the predicate evaluates to true. |
| Aggregation function | make_set | Creates a dynamic JSON array of the set of distinct values that an expression takes in the group. |
| Aggregation function | max | Returns the maximum value across the group. |
| Aggregation function | maxif | Calculates the maximum value of an expression in records for which the predicate evaluates to true. |
| Aggregation function | min | Returns the minimum value across the group. |
| Aggregation function | minif | Returns the minimum of an expression in records for which the predicate evaluates to true. |
| Aggregation function | percentile | Calculates the requested percentiles of the group and produces a timeseries chart. |
| Aggregation function | percentileif | Calculates the requested percentiles of the field for the rows where the predicate evaluates to true. |
| Aggregation function | percentiles_array | Returns an array of numbers where each element is the value at the corresponding percentile. |
| Aggregation function | percentiles_arrayif | Returns an array of percentile values for the records that satisfy the condition. |
| Aggregation function | rate | Calculates the rate of values in a group per second. |
| Aggregation function | spotlight | Compares a selected set of events against a baseline and surfaces the most significant differences. |
| Aggregation function | stdev | Calculates the standard deviation of an expression across the group. |
| Aggregation function | stdevif | Calculates the standard deviation of an expression in records for which the predicate evaluates to true. |
| Aggregation function | sum | Calculates the sum of an expression across the group. |
| Aggregation function | sumif | Calculates the sum of an expression in records for which the predicate evaluates to true. |
| Aggregation function | topk | Calculates the top values of an expression across the group in a dataset. |
| Aggregation function | topkif | Calculates the top values of an expression in records for which the predicate evaluates to true. |
| Aggregation function | variance | Calculates the variance of an expression across the group. |
| Aggregation function | varianceif | Calculates the variance of an expression in records for which the predicate evaluates to true. |
| Aggregation function | phrases | Extracts and counts common phrases or word sequences from text fields. |
| Array function | array_concat | Concatenates arrays into one. |
| Array function | array_extract | Extracts values from a nested array. |
| Array function | array_iff | Filters array by condition. |
| Array function | array_index_of | Returns index of item in array. |
| Array function | array_length | Returns length of array. |
| Array function | array_reverse | Reverses array elements. |
| Array function | array_rotate_left | Rotates array values to the left. |
| Array function | array_rotate_right | Rotates array values to the right. |
| Array function | array_select_dict | Selects dictionary from array of dictionaries. |
| Array function | array_shift_left | Shifts array values to the left. |
| Array function | array_shift_right | Shifts array values to the right. |
| Array function | array_slice | Returns slice of an array. |
| Array function | array_sort_asc | Sorts an array in ascending order. |
| Array function | array_sort_desc | Sorts an array in descending order. |
| Array function | array_split | Splits array by indices. |
| Array function | array_sum | Sums array elements. |
| Array function | bag_has_key | Checks if dynamic object has a specific key. |
| Array function | bag_keys | Returns keys of a dynamic property bag. |
| Array function | bag_pack | Creates a dynamic property bag from key-value pairs. |
| Array function | bag_zip | Combines two arrays of keys and values into a dynamic property bag. |
| Array function | isarray | Checks if value is an array. |
| Array function | len | Returns array or string length. |
| Array function | pack_array | Packs input into a dynamic array. |
| Array function | pack_dictionary | Returns a dictionary from key-value mappings. |
| Array function | strcat_array | Joins array elements into a string using a delimiter. |
| Conditional function | case | Evaluates conditions and returns the first matched result. |
| Conditional function | iff | Returns one of two values based on predicate. |
| Conversion function | dynamic_to_json | Converts dynamic value to JSON string. |
| Conversion function | ensure_field | Returns value of field or typed null. |
| Conversion function | isbool | Checks if expression evaluates to boolean. |
| Conversion function | toarray | Converts to array. |
| Conversion function | tobool | Converts to boolean. |
| Conversion function | todatetime | Converts to datetime. |
| Conversion function | todouble | Converts to real. todouble and toreal are synonyms. |
| Conversion function | todynamic | Converts to dynamic. |
| Conversion function | tohex | Converts to hexadecimal string. |
| Conversion function | toint | Converts to integer. toint and tolong are synonyms. |
| Conversion function | tolong | Converts to signed 64-bit long. toint and tolong are synonyms. |
| Conversion function | toreal | Converts to real. todouble and toreal are synonyms. |
| Conversion function | tostring | Converts to string. |
| Conversion function | totimespan | Converts to timespan. |
| Datetime function | ago | Subtracts timespan from current time. |
| Datetime function | datetime_add | Adds amount to datetime. |
| Datetime function | datetime_diff | Difference between two datetimes. |
| Datetime function | datetime_part | Extracts part of a datetime. |
| Datetime function | dayofmonth | Day number in month. |
| Datetime function | dayofweek | Days since previous Sunday. |
| Datetime function | dayofyear | Day number in year. |
| Datetime function | endofday | Returns end of day. |
| Datetime function | endofmonth | Returns end of month. |
| Datetime function | endofweek | Returns end of week. |
| Datetime function | endofyear | Returns end of year. |
| Datetime function | getmonth | Month of a datetime. |
| Datetime function | getyear | Year of a datetime. |
| Datetime function | hourofday | Hour number of the day. |
| Datetime function | monthofyear | Month number of year. |
| Datetime function | now | Returns current UTC time. |
| Datetime function | startofday | Returns start of day. |
| Datetime function | startofmonth | Returns start of month. |
| Datetime function | startofweek | Returns start of week. |
| Datetime function | startofyear | Returns start of year. |
| Datetime function | unixtime_microseconds_todatetime | Converts microsecond Unix timestamp to datetime. |
| Datetime function | unixtime_milliseconds_todatetime | Converts millisecond Unix timestamp to datetime. |
| Datetime function | unixtime_nanoseconds_todatetime | Converts nanosecond Unix timestamp to datetime. |
| Datetime function | unixtime_seconds_todatetime | Converts second Unix timestamp to datetime. |
| Datetime function | week_of_year | Returns the ISO 8601 week number from a datetime expression. |
| GenAI function | genai_concat_contents | Concatenates message contents from a GenAI conversation array. |
| GenAI function | genai_conversation_turns | Counts the number of conversation turns in GenAI messages. |
| GenAI function | genai_cost | Calculates the total cost for input and output tokens. |
| GenAI function | genai_estimate_tokens | Estimates the number of tokens in a text string. |
| GenAI function | genai_extract_assistant_response | Extracts the assistant’s response from a GenAI conversation. |
| GenAI function | genai_extract_function_results | Extracts function call results from GenAI messages. |
| GenAI function | genai_extract_system_prompt | Extracts the system prompt from a GenAI conversation. |
| GenAI function | genai_extract_tool_calls | Extracts tool calls from GenAI messages. |
| GenAI function | genai_extract_user_prompt | Extracts the user prompt from a GenAI conversation. |
| GenAI function | genai_get_content_by_index | Gets message content by index position. |
| GenAI function | genai_get_content_by_role | Gets message content by role. |
| GenAI function | genai_get_pricing | Gets pricing information for a specific AI model. |
| GenAI function | genai_get_role | Gets the role of a message at a specific index. |
| GenAI function | genai_has_tool_calls | Checks if GenAI messages contain tool calls. |
| GenAI function | genai_input_cost | Calculates the cost for input tokens. |
| GenAI function | genai_is_truncated | Checks if a GenAI response was truncated. |
| GenAI function | genai_message_roles | Extracts all message roles from a GenAI conversation. |
| GenAI function | genai_output_cost | Calculates the cost for output tokens. |
| Hash function | hash_md5 | Returns MD5 hash. |
| Hash function | hash_sha1 | Returns SHA-1 hash. |
| Hash function | hash_sha256 | Returns SHA256 hash. |
| Hash function | hash_sha512 | Returns SHA512 hash. |
| Hash function | hash | Returns integer hash of input. |
| IP function | format_ipv4_mask | Formats IPv4 and mask to CIDR. |
| IP function | format_ipv4 | Formats netmask into IPv4 string. |
| IP function | geo_info_from_ip_address | Extracts geolocation from IP address. |
| IP function | has_any_ipv4_prefix | Checks if IPv4 starts with any prefix. |
| IP function | has_any_ipv4 | Checks if any of given IPv4s exist in column. |
| IP function | has_ipv4_prefix | Checks if IPv4 starts with specified prefix. |
| IP function | has_ipv4 | Checks if IPv4 is valid and in source text. |
| IP function | ipv4_compare | Compares two IPv4 addresses. |
| IP function | ipv4_is_in_any_range | Checks if IPv4 is in any specified range. |
| IP function | ipv4_is_in_range | Checks if IPv4 is in a given range. |
| IP function | ipv4_is_match | Matches IPv4 against a pattern. |
| IP function | ipv4_is_private | Checks if IPv4 is private. |
| IP function | ipv4_netmask_suffix | Extracts netmask suffix. |
| IP function | ipv6_compare | Compares two IPv6 addresses. |
| IP function | ipv6_is_in_any_range | Checks if IPv6 is in any range. |
| IP function | ipv6_is_in_range | Checks if IPv6 is in range. |
| IP function | ipv6_is_match | Checks if IPv6 matches pattern. |
| IP function | parse_ipv4_mask | Converts IPv4 and mask to long integer. |
| IP function | parse_ipv4 | Converts IPv4 to long integer. |
| Logical operator | != | Returns true if either one (or both) of the operands are null, or they aren’t equal to each other. Otherwise, false. |
| Logical operator | == | Returns true if both operands are non-null and equal to each other. Otherwise, false. |
| Logical operator | and | Returns true if both operands are true. |
| Logical operator | or | Returns true if one of the operands is true, regardless of the other operand. |
| Mathematical function | abs | Returns absolute value. |
| Mathematical function | acos | Returns arccosine of a number. |
| Mathematical function | asin | Returns arcsine of a number. |
| Mathematical function | atan | Returns arctangent of a number. |
| Mathematical function | atan2 | Returns angle between x-axis and point (y, x). |
| Mathematical function | cos | Returns cosine of a number. |
| Mathematical function | cot | Returns cotangent of a number. |
| Mathematical function | degrees | Converts radians to degrees. |
| Mathematical function | exp | Returns e^x. |
| Mathematical function | exp10 | Returns 10^x. |
| Mathematical function | exp2 | Returns 2^x. |
| Mathematical function | gamma | Returns gamma function of x. |
| Mathematical function | isfinite | Returns true if x is finite. |
| Mathematical function | isinf | Returns true if x is infinite. |
| Mathematical function | isint | Returns true if x is an integer. |
| Mathematical function | isnan | Returns true if x is NaN. |
| Mathematical function | log | Returns natural logarithm of x. |
| Mathematical function | log10 | Returns base-10 logarithm. |
| Mathematical function | log2 | Returns base-2 logarithm. |
| Mathematical function | loggamma | Returns log of absolute gamma function. |
| Mathematical function | max_of | Returns largest value among arguments. |
| Mathematical function | min_of | Returns smallest value among arguments. |
| Mathematical function | not | Reverses boolean value. |
| Mathematical function | pi | Returns value of Pi. |
| Mathematical function | pow | Returns value raised to a power. |
| Mathematical function | radians | Converts degrees to radians. |
| Mathematical function | rand | Returns pseudo-random numbers between 0 (inclusive) and 1 (exclusive). |
| Mathematical function | range | Returns a dynamic array of evenly spaced values. |
| Mathematical function | round | Rounds value to given precision. |
| Mathematical function | set_difference | Returns array difference. |
| Mathematical function | set_has_element | Returns true if set contains an element. |
| Mathematical function | set_intersect | Returns array intersection. |
| Mathematical function | set_union | Returns array union. |
| Mathematical function | sign | Returns sign of number. |
| Mathematical function | sin | Returns sine of a number. |
| Mathematical function | sqrt | Returns square root of a number. |
| Mathematical function | tan | Returns tangent of a number. |
| Metadata function | column_ifexists | Checks if a field with a given name exists in the dataset. |
| Metadata function | cursor_current | Retrieves a cursor string representing the current query execution point. |
| Metadata function | ingestion_time | Retrieves the timestamp of when each record was ingested into Axiom. |
| Numerical operator | - | Subtract. Example: 0.26 - 0.23 |
| Numerical operator | != | Not equals. Example: 2 != 1 |
| Numerical operator | * | Multiply. Example: 1s * 5, 5 * 5 |
| Numerical operator | / | Divide. Example: 10m / 1s, 4 / 2 |
| Numerical operator | < | Less. Example: 1 < 2, 1 <= 1 |
| Numerical operator | <= | Less or Equal. Example: 5 <= 6 |
| Numerical operator | % | Modulo. Example: 10 % 3, 5 % 2 |
| Numerical operator | + | Add. Example: 3.19 + 3.19, ago(10m) + 10m |
| Numerical operator | == | Equals. Example: 3 == 3 |
| Numerical operator | > | Greater. Example: 0.23 > 0.22, now() > ago(1d) |
| Numerical operator | >= | Greater or Equal. Example: 7 >= 6 |
| Pair function | find_pair | Searches an array of key-value pairs for the first pair matching specified patterns. |
| Pair function | pair | Creates a dynamic object representing a key-value pair. |
| Pair function | parse_pair | Parses a pair string into its key and value components. |
| Rounding function | bin | Rounds values down to an integer multiple of a specified bin size. |
| Rounding function | bin_auto | Rounds datetime values down to a fixed-size bin with automatic size selection. |
| Rounding function | ceiling | Rounds a number up to the smallest integer greater than or equal to the input. |
| Rounding function | floor | Rounds a number down to the largest integer less than or equal to the input. |
| Set membership operator | in | Equals to one of the elements (case-sensitive). Example: "abc" in ("123", "345", "abc") |
| Set membership operator | in~ | Equals to one of the elements (case-insensitive). Example: "abc" in~ ("123", "345", "ABC") |
| Set membership operator | !in | Not equals to any of the elements (case-sensitive). Example: "bca" !in ("123", "345", "abc") |
| Set membership operator | !in~ | Not equals to any of the elements (case-insensitive). Example: "bca" !in~ ("123", "345", "ABC") |
| SQL function | format_sql | Converts parsed SQL data model back into SQL statement. |
| SQL function | parse_sql | Parses and analyzes SQL queries. |
| String function | base64_decode_toarray | Decodes a Base64-encoded string into an array of bytes. |
| String function | base64_decode_tostring | Decodes a base64 string to a UTF-8 string. |
| String function | base64_encode_fromarray | Converts a sequence of bytes into a Base64-encoded string. |
| String function | base64_encode_tostring | Encodes a string as base64 string. |
| String function | coalesce | Returns the first non-null/non-empty value from a list. |
| String function | countof_regex | Counts occurrences of a regex in a string. |
| String function | countof | Counts occurrences of a substring in a string. |
| String function | extract_all | Gets all matches for a regular expression from a text string. |
| String function | extract | Gets a match for a regular expression from a text string. |
| String function | format_bytes | Formats a number of bytes as a string including units. |
| String function | format_url | Formats a string into a valid URL. |
| String function | gettype | Returns the runtime type of an argument. |
| String function | indexof | Returns index of the first occurrence of a substring. |
| String function | isascii | Returns true if all characters in an input string are ASCII characters. |
| String function | isempty | Returns true if the argument is empty or null. |
| String function | isnotempty | Returns true if the argument isn’t empty or null. |
| String function | isnotnull | Returns true if the argument isn’t null. |
| String function | isnull | Returns true if the argument is null. |
| String function | parse_bytes | Parses byte-size string to number of bytes. |
| String function | parse_csv | Splits a CSV-formatted string into an array. |
| String function | parse_json | Parses a string as a JSON value. |
| String function | parse_url | Parses a URL string and returns parts in a dynamic object. |
| String function | parse_urlquery | Parses a URL query string into key-value pairs. |
| String function | quote | Returns a string representing the input enclosed in double quotes, with internal quotes and escape sequences handled appropriately. |
| String function | replace_regex | Replaces regex matches with another string. |
| String function | replace_string | Replaces string matches with another string. |
| String function | replace | Replaces all regex matches with another string. |
| String function | reverse | Reverses a string. |
| String function | split | Splits a string into an array using a delimiter. |
| String function | strcat_delim | Concatenates 2–64 arguments with a delimiter. |
| String function | strcat | Concatenates 1–64 arguments. |
| String function | strcmp | Compares two strings. |
| String function | string-size | Returns the length, in characters, of the input string. |
| String function | strip_ansi_escapes | Removes ANSI escape sequences from strings. |
| String function | strlen | Returns the length of a string. |
| String function | strrep | Repeats a string a given number of times. |
| String function | substring | Extracts a substring. |
| String function | tolower | Converts string to lowercase. |
| String function | totitle | Converts string to title case. |
| String function | toupper | Converts string to uppercase. |
| String function | translate | Substitutes characters in a string, one by one, based on their position in two input lists. |
| String function | trim_end_regex | Trims trailing characters using regex. |
| String function | trim_end | Trims trailing characters. |
| String function | trim_regex | Trims characters matching a regex. |
| String function | trim_space | Removes all leading and trailing whitespace from a string. |
| String function | trim_start_regex | Trims leading characters using regex. |
| String function | trim_start | Trims leading characters. |
| String function | trim | Trims leading/trailing characters. |
| String function | unicode_codepoints_from_string | Converts a UTF-8 string into an array of Unicode code points. |
| String function | unicode_codepoints_to_string | Converts an array of Unicode code points into a UTF-8 encoded string. |
| String function | url_decode | Decodes a URL-encoded string. |
| String function | url_encode | Encodes characters into a URL-friendly format. |
| String operator | != | Not equals (case-sensitive). Example: "abc" != "ABC" |
| String operator | !~ | Not equals (case-insensitive). Example: "aBc" !~ "xyz" |
| String operator | !contains_cs | RHS doesn’t occur in LHS (case-sensitive). Example: "parentSpanId" !contains_cs "Id" |
| String operator | !contains | RHS doesn’t occur in LHS (case-insensitive). Example: "parentSpanId" !contains "abc" |
| String operator | !endswith_cs | RHS isn’t a closing subsequence of LHS (case-sensitive). Example: "parentSpanId" !endswith_cs "Span" |
| String operator | !endswith | RHS isn’t a closing subsequence of LHS (case-insensitive). Example: "parentSpanId" !endswith "Span" |
| String operator | !has_cs | RHS isn’t a whole term in LHS (case-sensitive). Example: "North America" !has_cs "America" |
| String operator | !has | RHS isn’t a whole term in LHS (case-insensitive). Example: "North America" !has "america" |
| String operator | !hasprefix_cs | LHS string doesn’t start with the RHS string (case-sensitive). Example: "DOCS_file" !hasprefix_cs "DOCS" |
| String operator | !hasprefix | LHS string doesn’t start with the RHS string (case-insensitive). Example: "Admin_User" !hasprefix "Admin" |
| String operator | !hassuffix_cs | LHS string doesn’t end with the RHS string (case-sensitive). Example: "Document.HTML" !hassuffix_cs ".HTML" |
| String operator | !hassuffix | LHS string doesn’t end with the RHS string (case-insensitive). Example: "documentation.docx" !hassuffix ".docx" |
| String operator | !matches regex | LHS doesn’t contain a match for RHS. Example: "parentSpanId" !matches regex "g.*r" |
| String operator | !startswith_cs | RHS isn’t an initial subsequence of LHS (case-sensitive). Example: "parentSpanId" !startswith_cs "parent" |
| String operator | !startswith | RHS isn’t an initial subsequence of LHS (case-insensitive). Example: "parentSpanId" !startswith "Id" |
| String operator | == | Equals (case-sensitive). Example: "aBc" == "aBc" |
| String operator | =~ | Equals (case-insensitive). Example: "abc" =~ "ABC" |
| String operator | contains_cs | RHS occurs as a subsequence of LHS (case-sensitive). Example: "parentSpanId" contains_cs "Id" |
| String operator | contains | RHS occurs as a subsequence of LHS (case-insensitive). Example: "parentSpanId" contains "Span" |
| String operator | endswith_cs | RHS is a closing subsequence of LHS (case-sensitive). Example: "parentSpanId" endswith_cs "Id" |
| String operator | endswith | RHS is a closing subsequence of LHS (case-insensitive). Example: "parentSpanId" endswith "Id" |
| String operator | has_cs | RHS is a whole term in LHS (case-sensitive). Example: "North America" has_cs "America" |
| String operator | has | RHS is a whole term in LHS (case-insensitive). Example: "North America" has "america" |
| String operator | has_any | RHS has any whole term in LHS (case-insensitive). Example: "North America" has_any ("america", "europe") |
| String operator | has_any_cs | RHS has any whole term in LHS (case-sensitive). Example: "North America" has_any_cs ("America", "Europe") |
| String operator | hasprefix_cs | LHS string starts with the RHS string (case-sensitive). Example: "DOCS_file" hasprefix_cs "DOCS" |
| String operator | hasprefix | LHS string starts with the RHS string (case-insensitive). Example: "Admin_User" hasprefix "Admin" |
| String operator | hassuffix_cs | LHS string ends with the RHS string (case-sensitive). Example: "Document.HTML" hassuffix_cs ".HTML" |
| String operator | hassuffix | LHS string ends with the RHS string (case-insensitive). Example: "documentation.docx" hassuffix ".docx" |
| String operator | matches regex | LHS contains a match for RHS. Example: "parentSpanId" matches regex "g.*r" |
| String operator | startswith_cs | RHS is an initial subsequence of LHS (case-sensitive). Example: "parentSpanId" startswith_cs "parent" |
| String operator | startswith | RHS is an initial subsequence of LHS (case-insensitive). Example: "parentSpanId" startswith "parent" |
| Tabular operator | count | Returns an integer representing the total number of records in the dataset. |
| Tabular operator | distinct | Returns a dataset with unique values from the specified fields, removing any duplicate entries. |
| Tabular operator | extend-valid | Returns a table where the specified fields are extended with new values based on the given expression for valid rows. |
| Tabular operator | extend | Returns the original dataset with one or more new fields appended, based on the defined expressions. |
| Tabular operator | externaldata | Returns a table with the specified schema, containing data retrieved from an external source. |
| Tabular operator | getschema | Returns the schema of the input, including field names and their data types. |
| Tabular operator | join | Returns a dataset containing rows from two different tables based on conditions. |
| Tabular operator | limit | Returns the top N rows from the input dataset. |
| Tabular operator | lookup | Returns a dataset where rows from one dataset are enriched with matching columns from a lookup table based on conditions. |
| Tabular operator | make-series | Returns a dataset where the specified field is aggregated into a time series. |
| Tabular operator | mv-expand | Returns a dataset where the specified field is expanded into multiple rows. |
| Tabular operator | order | Returns the input dataset, sorted according to the specified fields and order. |
| Tabular operator | parse | Returns the input dataset with new fields added based on the specified parsing pattern. |
| Tabular operator | parse-kv | Returns a dataset where key-value pairs are extracted from a string field into individual columns. |
| Tabular operator | parse-where | Returns a dataset where values from a string are extracted based on a pattern. |
| Tabular operator | project-away | Returns the input dataset excluding the specified fields. |
| Tabular operator | project-keep | Returns a dataset with only the specified fields. |
| Tabular operator | project-rename | Returns a dataset where the specified field is renamed according to the specified pattern. |
| Tabular operator | project-reorder | Returns a table with the specified fields reordered as requested followed by any unspecified fields in their original order. |
| Tabular operator | project | Returns a dataset containing only the specified fields. |
| Tabular operator | redact | Returns the input dataset with sensitive data replaced or hashed. |
| Tabular operator | sample | Returns a table containing the specified number of rows, selected randomly from the input dataset. |
| Tabular operator | search | Returns all rows where the specified keyword appears in any field. |
| Tabular operator | sort | Returns a table with rows ordered based on the specified fields. |
| Tabular operator | summarize | Returns a table where each row represents a unique combination of values from the by fields, with the aggregated results calculated for the other fields. |
| Tabular operator | take | Returns the specified number of rows from the dataset. |
| Tabular operator | top | Returns the top N rows from the dataset based on the specified sorting criteria. |
| Tabular operator | union | Returns all rows from the specified tables or queries. |
| Tabular operator | where | Returns a filtered dataset containing only the rows where the condition evaluates to true. |
| Time series function | series_abs | Returns the absolute value of a series. |
| Time series function | series_acos | Returns the inverse cosine (arccos) of a series. |
| Time series function | series_add | Performs element-wise addition between two series. |
| Time series function | series_asin | Returns the inverse sine (arcsin) of a series. |
| Time series function | series_atan | Returns the inverse tangent (arctan) of a series. |
| Time series function | series_ceiling | Rounds each element up to the nearest integer. |
| Time series function | series_cos | Returns the cosine of a series. |
| Time series function | series_cosine_similarity | Calculates the cosine similarity between two series. |
| Time series function | series_divide | Performs element-wise division between two series. |
| Time series function | series_dot_product | Calculates the dot product between two series. |
| Time series function | series_equals | Compares each element in a series to a specified value and returns a boolean array. |
| Time series function | series_exp | Calculates the exponential (e^x) of each element in a series. |
| Time series function | series_fft | Performs a Fast Fourier Transform on a series, converting time-domain data into frequency-domain representation. |
| Time series function | series_fill_backward | Fills missing values by propagating the last known value backward through the array. |
| Time series function | series_fill_const | Fills missing values with a specified constant value. |
| Time series function | series_fill_forward | Fills missing values by propagating the first known value forward through the array. |
| Time series function | series_fill_linear | Fills missing values using linear interpolation between known values. |
| Time series function | series_fir | Applies a Finite Impulse Response filter to a series using a specified filter kernel. |
| Time series function | series_floor | Rounds down each element in a series to the nearest integer. |
| Time series function | series_greater | Returns the elements of a series that are greater than a specified value. |
| Time series function | series_greater_equals | Returns the elements of a series that are greater than or equal to a specified value. |
| Time series function | series_ifft | Performs an Inverse Fast Fourier Transform on a series, converting frequency-domain data back into time-domain representation. |
| Time series function | series_iir | Applies an Infinite Impulse Response filter to a series. |
| Time series function | series_less | Returns the elements of a series that are less than a specified value. |
| Time series function | series_less_equals | Returns the elements of a series that are less than or equal to a specified value. |
| Time series function | series_log | Returns the natural logarithm of each element in a series. |
| Time series function | series_magnitude | Calculates the Euclidean norm (magnitude) of a series. |
| Time series function | series_max | Returns the maximum value from a series. |
| Time series function | series_min | Returns the minimum value from a series. |
| Time series function | series_multiply | Performs element-wise multiplication of two series. |
| Time series function | series_not_equals | Returns the elements of a series that aren’t equal to a specified value. |
| Time series function | series_pearson_correlation | Calculates the Pearson correlation coefficient between two series. |
| Time series function | series_pow | Raises each element in a series to a specified power. |
| Time series function | series_sign | Returns the sign of each element in a series. |
| Time series function | series_sin | Returns the sine of a series. |
| Time series function | series_stats | Computes comprehensive statistical measures for a series. |
| Time series function | series_stats_dynamic | Computes statistical measures and returns them in a dynamic object format. |
| Time series function | series_subtract | Performs element-wise subtraction between two series. |
| Time series function | series_sum | Returns the sum of a series. |
| Time series function | series_tan | Returns the tangent of a series. |
| Type function | iscc | Checks whether a value is a valid credit card (CC) number. |
| Type function | isimei | Checks whether a value is a valid International Mobile Equipment Identity (IMEI) number. |
| Type function | ismap | Checks whether a value is of the dynamic type and represents a mapping. |
| Type function | isreal | Checks whether a value is a real number. |
| Type function | isstring | Checks whether a value is a string. |
| Type function | isutf8 | Checks whether a value is a valid UTF-8 encoded sequence. |