The series_equals function compares each element in a numeric dynamic array (series) to a specified value and returns a boolean array indicating which elements are equal to that value. This function is useful for filtering, conditional analysis, and identifying specific values within time series data.
You can use series_equals when you want to identify occurrences of specific values in your data, such as finding exact matches for thresholds, status codes, or target values. Typical applications include anomaly detection, data validation, and conditional processing of time series data.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, equality comparisons are typically done with the eval function and comparison operators like ==. To compare multiple values, you usually need to expand arrays and apply comparisons row by row. In APL, series_equals works directly on dynamic arrays, making it efficient for series-wide comparisons.
datatable(values: dynamic)
[
dynamic([150, 200, 250, 200])
]
| extend equals_200 = series_equals(values, 200)In SQL, equality comparisons use the = operator, but this only works on single values, not arrays. To compare array elements, you typically need to unnest arrays and apply comparisons row by row. In APL, series_equals eliminates this complexity by directly comparing each element in an array to a target value.
datatable(values: dynamic)
[
dynamic([150, 200, 250, 200])
]
| extend equals_200 = series_equals(values, 200)Usage
Syntax
series_equals(array, value)Parameters
| Parameter | Type | Description |
|---|---|---|
array |
dynamic | A dynamic array of real numeric values. |
value |
numeric | The value to compare against each array element. |
Returns
A dynamic array of boolean values where each element indicates whether the corresponding input element equals the specified value.
Use case examples
In log analysis, you can use series_equals to identify requests that match specific duration thresholds or status codes across multiple requests per user.
Query
['sample-http-logs']
| summarize durations = make_list(req_duration_ms) by id
| extend is_200ms = series_equals(durations, 200)Output
| id | durations | is_200ms |
|---|---|---|
| u123 | [150, 200, 250] | [false, true, false] |
| u456 | [200, 200, 180] | [true, true, false] |
This query identifies which request durations exactly equal 200ms for each user, useful for finding requests that hit specific performance targets.
In OpenTelemetry traces, you can use series_equals to identify spans with specific duration values or status codes across multiple spans per service.
Query
['otel-demo-traces']
| summarize durations = make_list(toreal(duration)) by ['service.name']
| extend is_1s = series_equals(durations, toreal(1s))Output
| service.name | durations | is_1s |
|---|---|---|
| frontend | [800, 1000, 1200] | [false, true, false] |
| productcatalogservice | [1000, 1000, 900] | [true, true, false] |
This query identifies spans with exactly 1-second durations per service, useful for finding spans that hit specific latency targets.
In security logs, you can use series_equals to identify requests with specific status codes or durations that might indicate security events.
Query
['sample-http-logs']
| summarize durations = make_list(req_duration_ms) by status
| extend is_500ms = series_equals(durations, 500)Output
| status | durations | is_500ms |
|---|---|---|
| 200 | [300, 500, 400] | [false, true, false] |
| 500 | [500, 500, 600] | [true, true, false] |
This query identifies requests with exactly 500ms duration grouped by status code, useful for finding requests that hit specific timing thresholds.
List of related functions
- series_greater: Returns elements greater than a specified value. Use when you need threshold-based filtering instead of exact matches.
- series_greater_equals: Returns elements greater than or equal to a specified value. Use for inclusive threshold comparisons.
- series_less: Returns elements less than a specified value. Use for lower-bound filtering.
- series_less_equals: Returns elements less than or equal to a specified value. Use for inclusive lower-bound comparisons.
- series_not_equals: Returns elements not equal to a specified value. Use for exclusion-based filtering.