Use the bin_auto function to round datetime values down to fixed-size bins where the bin size is automatically determined by the query's time range. This function simplifies time-series analysis by automatically selecting an appropriate granularity based on the data being queried.

The bin_auto function is designed for use with the summarize operator and works exclusively with the _time column. It automatically adjusts the bin size to provide meaningful aggregation intervals, making it ideal for dashboards and visualizations where the time range varies.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

In Splunk SPL, automatic time bucketing is handled by the timechart command, which automatically selects span sizes. APL's bin_auto provides similar automatic binning within the summarize operator.

```sql Splunk example
| timechart count
```

```kusto
['sample-http-logs']
| summarize count() by bin_auto(_time)
```

ANSI SQL does not have a direct equivalent to automatic time binning. You typically need to calculate the bin size manually based on the query time range. APL's bin_auto handles this automatically.

```sql SQL example
-- Manual calculation required based on time range
SELECT DATE_TRUNC('hour', timestamp) AS time_bucket, COUNT(*)
FROM logs
GROUP BY time_bucket
```

```kusto
['sample-http-logs']
| summarize count() by bin_auto(_time)
```

Usage

Syntax

```kusto
bin_auto(expression)
```

Parameters

| Name | Type | Description |
| --- | --- | --- |
| expression | datetime | A datetime expression to round. Typically the _time column. |

Returns

The nearest multiple of the automatically determined bin size below the input expression. The bin size is calculated based on the query's time range to provide an appropriate number of data points.
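The rounding described above, as an added Python sketch that is not Axiom's code: the candidate bin sizes and the target of 60 buckets are assumptions, since the page does not document how bin_auto picks its size. It also shows how the same short burst stands out less once a wider query range selects a larger bin.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed candidate bin sizes and target bucket count (hypothetical: the page
# does not document how bin_auto chooses its size).
LADDER = [timedelta(seconds=s) for s in (1, 5, 15, 60, 300, 900, 3600, 21600, 86400)]
TARGET_BUCKETS = 60
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def pick_bin_size(start, end, target=TARGET_BUCKETS):
    """Smallest assumed step that yields at most `target` buckets for the range."""
    span = end - start
    for step in LADDER:
        if span / step <= target:
            return step
    return LADDER[-1]

def floor_to_bin(ts, size):
    """Round ts down to the nearest multiple of size, counted from the Unix epoch."""
    return ts - (ts - EPOCH) % size

def summarize_count(events, start, end):
    """Emulate `summarize count() by bin_auto(_time)` over [start, end)."""
    size = pick_bin_size(start, end)
    counts = Counter(floor_to_bin(t, size) for t in events if start <= t < end)
    return size, dict(sorted(counts.items()))

def peak(events, start, end):
    """Return (bin size, largest bucket count) for the range."""
    size, counts = summarize_count(events, start, end)
    return size, max(counts.values())

# Constructed sample: one request per minute for 6 hours, plus a burst of
# 30 requests in the 30 seconds after 03:10.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
EVENTS = [T0 + timedelta(minutes=m) for m in range(360)]
EVENTS += [T0 + timedelta(hours=3, minutes=10, seconds=s) for s in range(30)]

if __name__ == "__main__":
    ranges = {"1h": (T0 + timedelta(hours=3), T0 + timedelta(hours=4)),
              "6h": (T0, T0 + timedelta(hours=6))}
    for label, (start, end) in ranges.items():
        size, top = peak(EVENTS, start, end)
        print(f"range={label} bin={size} peak_bucket={top}")
```

In this sketch the burst bucket is 31 times the baseline at the one-hour range and 3 times the baseline at the six-hour range, so a count threshold tuned at one range does not carry over to another.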

Use case examples

Create a time-series view of HTTP traffic with automatic time granularity.

Query

```kusto
['sample-http-logs']
| summarize request_count = count() by bin_auto(_time)
```

Output

| request_count |
| --- |
| 4520 |

This query automatically groups HTTP requests into time buckets based on the query time range, making it easy to visualize traffic patterns without manually specifying bin sizes.

Monitor span counts over time with adaptive time resolution.

Query

```kusto
['otel-demo-traces']
| summarize span_count = count() by bin_auto(_time), ['service.name']
| order by span_count desc
```

Output

| service.name | span_count |
| --- | --- |
| frontend | 1250 |
| cart | 430 |
| checkout | 180 |

This query provides a time-series breakdown of span activity per service, with the time granularity automatically adjusted based on the query's time range.

  • bin: Rounds values down to a specified bin size. Use bin when you need explicit control over the interval size.
  • floor: Rounds down to the largest integer less than or equal to the input. Use bin_auto for datetime-specific binning with automatic sizing.
  • summarize: The bin_auto function is designed for use within the summarize operator for time-based aggregations.