The rate aggregation function in APL (Axiom Processing Language) helps you calculate the rate of change over a specific time interval. This is especially useful for scenarios where you need to monitor how frequently an event occurs or how a value changes over time. For example, you can use the rate function to track request rates in web logs or changes in metrics like CPU usage or memory consumption.

The rate function is useful for analyzing trends in time series data and identifying unusual spikes or drops in activity. It can help you understand patterns in logs, metrics, and traces over specific intervals, such as per minute, per second, or per hour.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

rate(field)

Parameters

  • field: The numeric field for which you want to calculate the rate.

Returns

Returns the rate of change or occurrence of the specified field over the time interval specified in the query.

Specify the time interval in the query in the following way:

  • | summarize rate(field) calculates the rate value of the field over the entire query window.
  • | summarize rate(field) by bin(_time, 1h) calculates the rate value of the field over a one-hour time window.
  • | summarize rate(field) by bin_auto(_time) calculates the rate value of the field bucketed by an automatic time window computed by bin_auto().

To visualize the average per-minute rate for each hour, use two summarize statements. For example:

['sample-http-logs']
| summarize respBodyRate = rate(resp_body_size_bytes) by bin(_time, 1m)
| summarize avg(respBodyRate) by bin(_time, 1h)
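
Building on the two-stage query above, the following added example (not part of the original documentation) surfaces hours whose peak per-minute rate is far above that hour's average, one way to find the unusual spikes mentioned earlier. The column names avgRate, peakRate, and peakToAvg and the threshold of 5 are assumptions chosen for illustration.

```kusto
// Added example: flag hours that contain a burst of response traffic.
// Stage 1: per-minute rate of response body bytes.
['sample-http-logs']
| summarize respBodyRate = rate(resp_body_size_bytes) by bin(_time, 1m)
// Stage 2: per hour, compare the busiest minute with the hourly average.
| summarize avgRate = avg(respBodyRate), peakRate = max(respBodyRate) by bin(_time, 1h)
// Skip hours with no measurable traffic to avoid dividing by zero.
| where avgRate > 0
| extend peakToAvg = peakRate / avgRate
// Assumed threshold: tune it against a baseline of normal traffic.
| where peakToAvg > 5
```

Each remaining row is an hour in which at least one minute carried more than five times the hour's average rate.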


Use case examples

In this example, the rate aggregation calculates the rate of HTTP response sizes per second.

Query

['sample-http-logs']
| summarize rate(resp_body_size_bytes) by bin(_time, 1s)


Output

rate      _time
854 kB    2024-01-01 12:00:00
635 kB    2024-01-01 12:00:01

This query calculates the rate of HTTP response sizes per second.

  • count: Returns the total number of records. Use count when you want an absolute total instead of a rate over time.
  • sum: Returns the sum of values in a field. Use sum when you want to aggregate the total value, not its rate of change.
  • avg: Returns the average value of a field. Use avg when you want to know the mean value rather than how it changes over time.
  • max: Returns the maximum value of a field. Use max when you need to find the peak value instead of how often or quickly something occurs.
  • min: Returns the minimum value of a field. Use min when you’re looking for the lowest value rather than a rate.