All features of Axiom Processing Language (APL)
This page gives an overview about all the features of Axiom Processing Language (APL).
| Category | Feature | Description |
|---|---|---|
| Aggregation function | arg_max | Returns the row where an expression evaluates to the maximum value. |
| Aggregation function | arg_min | Returns the row where an expression evaluates to the minimum value. |
| Aggregation function | avg | Returns an average value across the group. |
| Aggregation function | avgif | Calculates the average value of an expression in records for which the predicate evaluates to true. |
| Aggregation function | count | Returns a count of the group without/with a predicate. |
| Aggregation function | countif | Returns a count of rows for which the predicate evaluates to true. |
| Aggregation function | dcount | Returns an estimate for the number of distinct values that are taken by a scalar expression in the summary group. |
| Aggregation function | dcountif | Returns an estimate of the number of distinct values of an expression of rows for which the predicate evaluates to true. |
| Aggregation function | histogram | Returns a timeseries heatmap chart across the group. |
| Aggregation function | make_list_if | Creates a dynamic JSON object (array) of an expression values in the group for which the predicate evaluates to true. |
| Aggregation function | make_list | Creates a dynamic JSON object (array) of all the values of an expression in the group. |
| Aggregation function | make_set_if | Creates a dynamic JSON object (array) of the set of distinct values that an expression takes in records for which the predicate evaluates to true. |
| Aggregation function | make_set | Creates a dynamic JSON array of the set of distinct values that an expression takes in the group. |
| Aggregation function | max | Returns the maximum value across the group. |
| Aggregation function | maxif | Calculates the maximum value of an expression in records for which the predicate evaluates to true. |
| Aggregation function | min | Returns the minimum value across the group. |
| Aggregation function | minif | Returns the minimum of an expression in records for which the predicate evaluates to true. |
| Aggregation function | percentile | Calculates the requested percentiles of the group and produces a timeseries chart. |
| Aggregation function | percentileif | Calculates the requested percentiles of the field for the rows where the predicate evaluates to true. |
| Aggregation function | percentiles_array | Returns an array of numbers where each element is the value at the corresponding percentile. |
| Aggregation function | percentiles_arrayif | Returns an array of percentile values for the records that satisfy the condition. |
| Aggregation function | rate | Calculates the rate of values in a group per second. |
| Aggregation function | stdev | Calculates the standard deviation of an expression across the group. |
| Aggregation function | stdevif | Calculates the standard deviation of an expression in records for which the predicate evaluates to true. |
| Aggregation function | sum | Calculates the sum of an expression across the group. |
| Aggregation function | sumif | Calculates the sum of an expression in records for which the predicate evaluates to true. |
| Aggregation function | topk | Calculates the top values of an expression across the group in a dataset. |
| Aggregation function | topkif | Calculates the top values of an expression in records for which the predicate evaluates to true. |
| Aggregation function | variance | Calculates the variance of an expression across the group. |
| Aggregation function | varianceif | Calculates the variance of an expression in records for which the predicate evaluates to true. |
| Array function | array_concat | Concatenates arrays into one. |
| Array function | array_extract | Extracts values from a nested array. |
| Array function | array_iff | Filters array by condition. |
| Array function | array_index_of | Returns index of item in array. |
| Array function | array_length | Returns length of array. |
| Array function | array_reverse | Reverses array elements. |
| Array function | array_rotate_left | Rotates array values to the left. |
| Array function | array_rotate_right | Rotates array values to the right. |
| Array function | array_select_dict | Selects dictionary from array of dictionaries. |
| Array function | array_shift_left | Shifts array values to the left. |
| Array function | array_shift_right | Shifts array values to the right. |
| Array function | array_slice | Returns slice of an array. |
| Array function | array_sort_asc | Sorts an array in ascending order. |
| Array function | array_sort_desc | Sorts an array in descending order. |
| Array function | array_split | Splits array by indices. |
| Array function | array_sum | Sums array elements. |
| Array function | bag_has_key | Checks if dynamic object has a specific key. |
| Array function | bag_keys | Returns keys of a dynamic property bag. |
| Array function | bag_pack | Creates a dynamic property bag from key-value pairs. |
| Array function | isarray | Checks if value is an array. |
| Array function | len | Returns array or string length. |
| Array function | pack_array | Packs input into a dynamic array. |
| Array function | pack_dictionary | Returns a dictionary from key-value mappings. |
| Array function | strcat_array | Joins array elements into a string using a delimiter. |
| Conditional function | case | Evaluates conditions and returns the first matched result. |
| Conditional function | iff | Returns one of two values based on predicate. |
| Conversion function | dynamic_to_json | Converts dynamic value to JSON string. |
| Conversion function | ensure_field | Returns value of field or typed null. |
| Conversion function | isbool | Checks if expression evaluates to boolean. |
| Conversion function | toarray | Converts to array. |
| Conversion function | tobool | Converts to boolean. |
| Conversion function | todatetime | Converts to datetime. |
| Conversion function | todouble | Converts to real. |
| Conversion function | todynamic | Converts to dynamic. |
| Conversion function | tohex | Converts to hexadecimal string. |
| Conversion function | toint | Converts to integer. |
| Conversion function | tolong | Converts to signed 64-bit long. |
| Conversion function | toreal | Converts to real. |
| Conversion function | tostring | Converts to string. |
| Conversion function | totimespan | Converts to timespan. |
| Datetime function | ago | Subtracts timespan from current time. |
| Datetime function | datetime_add | Adds amount to datetime. |
| Datetime function | datetime_diff | Difference between two datetimes. |
| Datetime function | datetime_part | Extracts part of a datetime. |
| Datetime function | dayofmonth | Day number in month. |
| Datetime function | dayofweek | Days since previous Sunday. |
| Datetime function | dayofyear | Day number in year. |
| Datetime function | endofday | Returns end of day. |
| Datetime function | endofmonth | Returns end of month. |
| Datetime function | endofweek | Returns end of week. |
| Datetime function | endofyear | Returns end of year. |
| Datetime function | getmonth | Month of a datetime. |
| Datetime function | getyear | Year of a datetime. |
| Datetime function | hourofday | Hour number of the day. |
| Datetime function | monthofyear | Month number of year. |
| Datetime function | now | Returns current UTC time. |
| Datetime function | startofday | Returns start of day. |
| Datetime function | startofmonth | Returns start of month. |
| Datetime function | startofweek | Returns start of week. |
| Datetime function | startofyear | Returns start of year. |
| Datetime function | unixtime_microseconds_todatetime | Converts microsecond Unix timestamp to datetime. |
| Datetime function | unixtime_milliseconds_todatetime | Converts millisecond Unix timestamp to datetime. |
| Datetime function | unixtime_nanoseconds_todatetime | Converts nanosecond Unix timestamp to datetime. |
| Datetime function | unixtime_seconds_todatetime | Converts second Unix timestamp to datetime. |
| Datetime function | week_of_year | Returns the ISO 8601 week number from a datetime expression. |
| Hash function | hash_md5 | Returns MD5 hash. |
| Hash function | hash_sha1 | Returns SHA1 hash. |
| Hash function | hash_sha256 | Returns SHA256 hash. |
| Hash function | hash_sha512 | Returns SHA512 hash. |
| Hash function | hash | Returns integer hash of input. |
| IP function | format_ipv4_mask | Formats IPv4 and mask to CIDR. |
| IP function | format_ipv4 | Formats netmask into IPv4 string. |
| IP function | geo_info_from_ip_address | Extracts geolocation from IP address. |
| IP function | has_any_ipv4_prefix | Checks if IPv4 starts with any prefix. |
| IP function | has_any_ipv4 | Checks if any of given IPv4s exist in column. |
| IP function | has_ipv4_prefix | Checks if IPv4 starts with specified prefix. |
| IP function | has_ipv4 | Checks if IPv4 is valid and in source text. |
| IP function | ipv4_compare | Compares two IPv4 addresses. |
| IP function | ipv4_is_in_any_range | Checks if IPv4 is in any specified range. |
| IP function | ipv4_is_in_range | Checks if IPv4 is in a given range. |
| IP function | ipv4_is_match | Matches IPv4 against a pattern. |
| IP function | ipv4_is_private | Checks if IPv4 is private. |
| IP function | ipv4_netmask_suffix | Extracts netmask suffix. |
| IP function | ipv6_compare | Compares two IPv6 addresses. |
| IP function | ipv6_is_in_any_range | Checks if IPv6 is in any range. |
| IP function | ipv6_is_in_range | Checks if IPv6 is in range. |
| IP function | ipv6_is_match | Checks if IPv6 matches pattern. |
| IP function | parse_ipv4_mask | Converts IPv4 and mask to long integer. |
| IP function | parse_ipv4 | Converts IPv4 to long integer. |
| Logical operator | != | Returns true if either one (or both) of the operands are null, or they are not equal to each other. Otherwise, false. |
| Logical operator | == | Returns true if both operands are non-null and equal to each other. Otherwise, false. |
| Logical operator | and | Returns true if both operands are true. |
| Logical operator | or | Returns true if one of the operands is true, regardless of the other operand. |
| Mathematical function | abs | Returns absolute value. |
| Mathematical function | acos | Returns arccosine of a number. |
| Mathematical function | asin | Returns arcsine of a number. |
| Mathematical function | atan | Returns arctangent of a number. |
| Mathematical function | atan2 | Returns angle between x-axis and point (y, x). |
| Mathematical function | cos | Returns cosine of a number. |
| Mathematical function | degrees | Converts radians to degrees. |
| Mathematical function | exp | Returns e^x. |
| Mathematical function | exp10 | Returns 10^x. |
| Mathematical function | exp2 | Returns 2^x. |
| Mathematical function | gamma | Returns gamma function of x. |
| Mathematical function | isinf | Returns true if x is infinite. |
| Mathematical function | isint | Returns true if x is an integer. |
| Mathematical function | isnan | Returns true if x is NaN. |
| Mathematical function | log | Returns natural logarithm of x. |
| Mathematical function | log10 | Returns base-10 logarithm. |
| Mathematical function | log2 | Returns base-2 logarithm. |
| Mathematical function | loggamma | Returns log of absolute gamma function. |
| Mathematical function | max_of | Returns largest value among arguments. |
| Mathematical function | min_of | Returns smallest value among arguments. |
| Mathematical function | not | Reverses boolean value. |
| Mathematical function | pi | Returns value of Pi. |
| Mathematical function | pow | Returns value raised to a power. |
| Mathematical function | radians | Converts degrees to radians. |
| Mathematical function | rand | Returns pseudo-random numbers between 0 (inclusive) and 1 (exclusive). |
| Mathematical function | round | Rounds value to given precision. |
| Mathematical function | set_difference | Returns array difference. |
| Mathematical function | set_has_element | Returns true if set contains an element. |
| Mathematical function | set_intersect | Returns array intersection. |
| Mathematical function | set_union | Returns array union. |
| Mathematical function | sign | Returns sign of number. |
| Mathematical function | sin | Returns sine of a number. |
| Mathematical function | sqrt | Returns square root of a number. |
| Mathematical function | tan | Returns tangent of a number. |
| Numerical operator | - | Subtract. Example: 0.26 - 0.23 |
| Numerical operator | != | Not equals. Example: 2 != 1 |
| Numerical operator | !in | Not equals to any of the elements. Example: "bca" !in ("123", "345", "abc") |
| Numerical operator | * | Multiply. Example: 1s * 5, 5 * 5 |
| Numerical operator | / | Divide. Example: 10m / 1s, 4 / 2 |
| Numerical operator | < | Less. Example: 1 < 2, 1 <= 1 |
| Numerical operator | <= | Less or Equal. Example: 5 <= 6 |
| Numerical operator | % | Modulo. Example: 10 % 3, 5 % 2 |
| Numerical operator | + | Add. Example: 3.19 + 3.19, ago(10m) + 10m |
| Numerical operator | == | Equals. Example: 3 == 3 |
| Numerical operator | > | Greater. Example: 0.23 > 0.22, now() > ago(1d) |
| Numerical operator | >= | Greater or Equal. Example: 7 >= 6 |
| Numerical operator | in | Equals to one of the elements. Example: "abc" in ("123", "345", "abc") |
| Rounding function | bin_auto | Rounds values down to a bin based on query-provided size and alignment. |
| Rounding function | bin | Rounds values down to a bin size. |
| Rounding function | ceiling | Returns the smallest integer greater than or equal to the specified number. |
| Rounding function | floor | Returns the largest integer less than or equal to the specified number. |
| SQL function | format_sql | Converts parsed SQL data model back into SQL statement. |
| SQL function | parse_sql | Parses and analyzes SQL queries. |
| String function | base64_decode_toarray | Decodes a Base64-encoded string into an array of bytes. |
| String function | base64_decode_tostring | Decodes a base64 string to a UTF-8 string. |
| String function | base64_encode_fromarray | Converts a sequence of bytes into a Base64-encoded string. |
| String function | base64_encode_tostring | Encodes a string as base64 string. |
| String function | coalesce | Returns the first non-null/non-empty value from a list. |
| String function | countof_regex | Counts occurrences of a regex in a string. |
| String function | countof | Counts occurrences of a substring in a string. |
| String function | extract_all | Gets all matches for a regular expression from a text string. |
| String function | extract | Gets a match for a regular expression from a text string. |
| String function | format_bytes | Formats a number of bytes as a string including units. |
| String function | format_url | Formats a string into a valid URL. |
| String function | gettype | Returns the runtime type of an argument. |
| String function | indexof | Returns index of the first occurrence of a substring. |
| String function | isascii | Returns true if all characters in an input string are ASCII characters. |
| String function | isempty | Returns true if the argument is empty or null. |
| String function | isnotempty | Returns true if the argument is not empty or null. |
| String function | isnotnull | Returns true if the argument is not null. |
| String function | isnull | Returns true if the argument is null. |
| String function | parse_bytes | Parses byte-size string to number of bytes. |
| String function | parse_csv | Splits a CSV-formatted string into an array. |
| String function | parse_json | Parses a string as a JSON value. |
| String function | parse_url | Parses a URL string and returns parts in a dynamic object. |
| String function | parse_urlquery | Parses a URL query string into key-value pairs. |
| String function | quote | Returns a string representing the input enclosed in double quotes, with internal quotes and escape sequences handled appropriately. |
| String function | replace_regex | Replaces regex matches with another string. |
| String function | replace_string | Replaces string matches with another string. |
| String function | replace | Replaces all regex matches with another string. |
| String function | reverse | Reverses a string. |
| String function | split | Splits a string into an array using a delimiter. |
| String function | strcat_delim | Concatenates 2–64 arguments with a delimiter. |
| String function | strcat | Concatenates 1–64 arguments. |
| String function | strcmp | Compares two strings. |
| String function | strlen | Returns the length of a string. |
| String function | strrep | Repeats a string a given number of times. |
| String function | substring | Extracts a substring. |
| String function | tolower | Converts string to lowercase. |
| String function | totitle | Converts string to title case. |
| String function | toupper | Converts string to uppercase. |
| String function | trim_end_regex | Trims trailing characters using regex. |
| String function | trim_end | Trims trailing characters. |
| String function | trim_regex | Trims characters matching a regex. |
| String function | trim_space | Removes all leading and trailing whitespace from a string. |
| String function | trim_start_regex | Trims leading characters using regex. |
| String function | trim_start | Trims leading characters. |
| String function | trim | Trims leading/trailing characters. |
| String function | url_decode | Decodes a URL-encoded string. |
| String function | url_encode | Encodes characters into a URL-friendly format. |
| String operator | != | Not equals (case-sensitive). Example: "abc" != "ABC" |
| String operator | !~ | Not equals (case-insensitive). Example: "aBc" !~ "xyz" |
| String operator | !contains_cs | RHS doesn’t occur in LHS (case-sensitive). Example: "parentSpanId" !contains_cs "Id" |
| String operator | !contains | RHS doesn’t occur in LHS (case-insensitive). Example: "parentSpanId" !contains "abc" |
| String operator | !endswith_cs | RHS isn’t a closing subsequence of LHS (case-sensitive). Example: "parentSpanId" !endswith_cs "Span" |
| String operator | !endswith | RHS isn’t a closing subsequence of LHS (case-insensitive). Example: "parentSpanId" !endswith "Span" |
| String operator | !has_cs | RHS isn’t a whole term in LHS (case-sensitive). Example: "North America" !has_cs "America" |
| String operator | !has | RHS isn’t a whole term in LHS (case-insensitive). Example: "North America" !has "america" |
| String operator | !hasprefix_cs | LHS string doesn’t start with the RHS string (case-sensitive). Example: "DOCS_file" !hasprefix_cs "DOCS" |
| String operator | !hasprefix | LHS string doesn’t start with the RHS string (case-insensitive). Example: "Admin_User" !hasprefix "Admin" |
| String operator | !hassuffix_cs | LHS string doesn’t end with the RHS string (case-sensitive). Example: "Document.HTML" !hassuffix_cs ".HTML" |
| String operator | !hassuffix | LHS string doesn’t end with the RHS string (case-insensitive). Example: "documentation.docx" !hassuffix ".docx" |
| String operator | !in | Not equals to any of the elements (case-sensitive). Example: "bca" !in ("123", "345", "abc") |
| String operator | !in~ | Not equals to any of the elements (case-insensitive). Example: "bca" !in~ ("123", "345", "ABC") |
| String operator | !matches regex | LHS doesn’t contain a match for RHS. Example: "parentSpanId" !matches regex "g.*r" |
| String operator | !startswith_cs | RHS isn’t an initial subsequence of LHS (case-sensitive). Example: "parentSpanId" !startswith_cs "parent" |
| String operator | !startswith | RHS isn’t an initial subsequence of LHS (case-insensitive). Example: "parentSpanId" !startswith "Id" |
| String operator | == | Equals (case-sensitive). Example: "aBc" == "aBc" |
| String operator | =~ | Equals (case-insensitive). Example: "abc" =~ "ABC" |
| String operator | contains_cs | RHS occurs as a subsequence of LHS (case-sensitive). Example: "parentSpanId" contains_cs "Id" |
| String operator | contains | RHS occurs as a subsequence of LHS (case-insensitive). Example: "parentSpanId" contains "Span" |
| String operator | endswith_cs | RHS is a closing subsequence of LHS (case-sensitive). Example: "parentSpanId" endswith_cs "Id" |
| String operator | endswith | RHS is a closing subsequence of LHS (case-insensitive). Example: "parentSpanId" endswith "Id" |
| String operator | has_cs | RHS is a whole term in LHS (case-sensitive). Example: "North America" has_cs "America" |
| String operator | has | RHS is a whole term in LHS (case-insensitive). Example: "North America" has "america" |
| String operator | hasprefix_cs | LHS string starts with the RHS string (case-sensitive). Example: "DOCS_file" hasprefix_cs "DOCS" |
| String operator | hasprefix | LHS string starts with the RHS string (case-insensitive). Example: "Admin_User" hasprefix "Admin" |
| String operator | hassuffix_cs | LHS string ends with the RHS string (case-sensitive). Example: "Document.HTML" hassuffix_cs ".HTML" |
| String operator | hassuffix | LHS string ends with the RHS string (case-insensitive). Example: "documentation.docx" hassuffix ".docx" |
| String operator | in | Equals to one of the elements (case-sensitive). Example: "abc" in ("123", "345", "abc") |
| String operator | in~ | Equals to one of the elements (case-insensitive). Example: "abc" in~ ("123", "345", "ABC") |
| String operator | matches regex | LHS contains a match for RHS. Example: "parentSpanId" matches regex "g.*r" |
| String operator | startswith_cs | RHS is an initial subsequence of LHS (case-sensitive). Example: "parentSpanId" startswith_cs "parent" |
| String operator | startswith | RHS is an initial subsequence of LHS (case-insensitive). Example: "parentSpanId" startswith "parent" |
| Tabular operator | count | Returns an integer representing the total number of records in the dataset. |
| Tabular operator | distinct | Returns a dataset with unique values from the specified fields, removing any duplicate entries. |
| Tabular operator | extend-valid | Returns a table where the specified fields are extended with new values based on the given expression for valid rows. |
| Tabular operator | extend | Returns the original dataset with one or more new fields appended, based on the defined expressions. |
| Tabular operator | externaldata | Returns a table with the specified schema, containing data retrieved from an external source. |
| Tabular operator | getschema | Returns the schema of a dataset, including field names and their data types. |
| Tabular operator | join | Returns a dataset containing rows from two different tables based on conditions. |
| Tabular operator | limit | Returns the top N rows from the input dataset. |
| Tabular operator | lookup | Returns a dataset where rows from one dataset are enriched with matching columns from a lookup table based on conditions. |
| Tabular operator | order | Returns the input dataset, sorted according to the specified fields and order. |
| Tabular operator | parse | Returns the input dataset with new fields added based on the specified parsing pattern. |
| Tabular operator | project-away | Returns the input dataset excluding the specified fields. |
| Tabular operator | project-keep | Returns a dataset with only the specified fields. |
| Tabular operator | project-reorder | Returns a table with the specified fields reordered as requested followed by any unspecified fields in their original order. |
| Tabular operator | project | Returns a dataset containing only the specified fields. |
| Tabular operator | redact | Returns the input dataset with sensitive data replaced or hashed. |
| Tabular operator | sample | Returns a table containing the specified number of rows, selected randomly from the input dataset. |
| Tabular operator | search | Returns all rows where the specified keyword appears in any field. |
| Tabular operator | sort | Returns a table with rows ordered based on the specified fields. |
| Tabular operator | summarize | Returns a table where each row represents a unique combination of values from the by fields, with the aggregated results calculated for the other fields. |
| Tabular operator | take | Returns the specified number of rows from the dataset. |
| Tabular operator | top | Returns the top N rows from the dataset based on the specified sorting criteria. |
| Tabular operator | union | Returns all rows from the specified tables or queries. |
| Tabular operator | where | Returns a filtered dataset containing only the rows where the condition evaluates to true. |
| Type function | iscc | Checks whether a value is a valid credit card (CC) number. |
| Type function | isimei | Checks whether a value is a valid International Mobile Equipment Identity (IMEI) number. |
| Type function | ismap | Checks whether a value is of the dynamic type and represents a mapping. |
| Type function | isreal | Checks whether a value is a real number. |
| Type function | isstring | Checks whether a value is a string. |
| Type function | isutf8 | Checks whether a value is a valid UTF-8 encoded sequence. |