The varianceif aggregation in APL calculates the variance of values that meet a specified condition. This is useful when you want to understand the variability of a subset of data without considering all data points. For example, you can use varianceif to compute the variance of request durations for HTTP requests that resulted in a specific status code or to track anomalies in trace durations for a particular service. You can use the varianceif aggregation when analyzing logs, telemetry data, or security events where conditions on subsets of the data are critical to your analysis.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

summarize varianceif(Expr, Predicate)

Parameters

  • Expr: The expression (numeric) for which you want to calculate the variance.
  • Predicate: A boolean condition that determines which records to include in the calculation.

Returns

Returns the variance of Expr for the records where the Predicate is true. If no records match the condition, it returns null.

Use case examples

You can use the varianceif function to calculate the variance of HTTP request durations for requests that succeeded (status == '200').Query
['sample-http-logs']
| summarize varianceif(req_duration_ms, status == '200')
Run in PlaygroundOutput
varianceif_req_duration_ms
15.6
This query calculates the variance of request durations for all HTTP requests that returned a status code of 200 (successful requests).
  • avgif: Computes the average value of an expression for records that match a given condition. Use avgif when you want the average instead of variance.
  • sumif: Returns the sum of values that meet a specified condition. Use sumif when you’re interested in totals, not variance.
  • stdevif: Returns the standard deviation of values based on a condition. Use stdevif when you want to measure dispersion using standard deviation instead of variance.