The count operator in Axiom Processing Language (APL) is a simple yet powerful aggregation function that returns the total number of records in a dataset. You can use it to calculate the number of rows in a table or the results of a query. The count operator is useful in scenarios such as log analysis, telemetry data processing, and security monitoring, where you need to know how many events, transactions, or data entries match certain criteria.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

In Splunk’s SPL, the stats count function is used to count the number of events in a dataset. In APL, the equivalent operation is simply count. You can use count in APL without the need for additional function wrapping.

```splunk Splunk example index=web_logs | stats count ``` 
['sample-http-logs']
| count

In ANSI SQL, you typically use COUNT(*) or COUNT(field) to count the number of rows in a table. In APL, the count operator achieves the same functionality, but it doesn’t require a field name or *.

```sql SQL example SELECT COUNT(*) FROM web_logs; ``` 
['sample-http-logs']
| count

Usage

Syntax

| count

Parameters

The count operator doesn’t take any parameters. It simply returns the number of records in the dataset or query result.

Returns

count returns an integer representing the total number of records in the dataset.

Use case examples

In this example, you count the total number of HTTP requests in the ['sample-http-logs'] dataset.

Query

['sample-http-logs']
| count

Run in Playground

Output

count
15000

This query returns the total number of HTTP requests recorded in the logs.

In this example, you count the number of traces in the ['otel-demo-traces'] dataset.

Query

['otel-demo-traces'] |
count

Run in Playground

Output

count
5000

This query returns the total number of OpenTelemetry traces in the dataset.

In this example, you count the number of security events in the ['sample-http-logs'] dataset where the status code indicates an error (status codes 4xx or 5xx).

Query

['sample-http-logs'] |
where status startswith '4' or status startswith '5' |
count

Run in Playground

Output

count
1200

This query returns the number of HTTP requests that resulted in an error (HTTP status code 4xx or 5xx).
  • summarize: The summarize operator is used to aggregate data based on one or more fields, allowing you to calculate sums, averages, and other statistics, including counts. Use summarize when you need to group data before counting.
  • extend: The extend operator adds calculated fields to a dataset. You can use extend alongside count if you want to add additional calculated data to your query results.
  • project: The project operator selects specific fields from a dataset. While count returns the total number of records, project can limit or change which fields you see.
  • where: The where operator filters rows based on a condition. Use where with count to only count records that meet certain criteria.
  • take: The take operator returns a specified number of records. You can use take to limit results before applying count if you’re interested in counting a sample of records.

Good evening

I'm here to help you with the docs.

I
AIBased on your context