The make_list_if aggregation function in APL creates a list of values from a given field, conditioned on a Boolean expression. This function is useful when you need to gather values from a column that meet specific criteria into a single array. By using make_list_if, you can aggregate data based on dynamic conditions, making it easier to perform detailed analysis.

This aggregation is ideal in scenarios where filtering at the aggregation level is required, such as gathering only the successful requests or collecting trace spans of a specific service in OpenTelemetry data. It’s particularly useful when analyzing logs, tracing information, or security events, where conditional aggregation is essential for understanding trends or identifying issues.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

summarize make_list_if(expression, condition)

Parameters

  • expression: The field or expression whose values will be included in the list.
  • condition: A Boolean condition that determines which values from expression are included in the result.

Returns

The function returns an array containing all values from expression that meet the specified condition.

Use case examples

In this example, we will gather a list of request durations for successful HTTP requests.

Query

['sample-http-logs']
| summarize make_list_if(req_duration_ms, status == '200') by id

Output

| id  | req_duration_ms_list |
| --- | -------------------- |
| 123 | [100, 150, 200]      |
| 456 | [300, 350, 400]      |

This query aggregates request durations for HTTP requests that returned a status of ‘200’ for each user ID.
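A security-oriented variant, added here as an example and not taken from the original documentation: because the condition is applied inside the aggregation rather than in a preceding where clause, the same summarize can collect only the denied requests into a list while still counting every request for the user. The uri field, the '401'/'403' status values and the threshold of 5 are assumptions made for illustration.

```kusto
// Added example: per user ID, list the URIs that were denied and compare
// the number of denials with the total request volume.
// Assumptions: the dataset has a uri field, status is stored as a string
// (as in the query above), and 5 is an arbitrary review threshold.
['sample-http-logs']
| summarize
    denied_uris = make_list_if(uri, status == '401' or status == '403'),
    denied_count = countif(status == '401' or status == '403'),
    total_requests = count()
  by id
// Keep only users with enough denials to be worth a closer look.
| where denied_count >= 5
| sort by denied_count desc
```

Filtering with where before the summarize would discard the allowed requests, so total_requests could no longer serve as a baseline for the same user.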

Related functions

  • make_list: Aggregates all values into a list without any conditions. Use make_list when you don’t need to filter the values based on a condition.
  • countif: Counts the number of records that satisfy a specific condition. Use countif when you need a count of occurrences rather than a list of values.
  • avgif: Calculates the average of values that meet a specified condition. Use avgif for numerical aggregations where you want a conditional average instead of a list.