Skip to main content
Use the log function in APL to compute the natural logarithm (base-e) of a positive numeric value. The function is the inverse of exp. log is one of the most commonly used mathematical functions in observability. Log-transforming latency, error counts, or request rates compresses wide value ranges into a more manageable scale, reduces the influence of extreme outliers, and can reveal patterns that are linear on a log scale. It’s also the basis for computing geometric means with exp(avg(log(x))).

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, the natural logarithm is called ln() rather than log(). The SPL log() function computes the base-10 logarithm by default. In APL, log() always means the natural logarithm.
| eval ln_duration = ln(req_duration_ms)
In ANSI SQL, LN() computes the natural logarithm and LOG() computes the base-10 logarithm in most dialects. In APL, log() means the natural logarithm, matching SQL’s LN().
SELECT LN(req_duration_ms) AS ln_duration FROM logs

Usage

Syntax

log(x)

Parameters

NameTypeRequiredDescription
xrealYesA positive real number (x > 0).

Returns

  • The natural logarithm of x.
  • null if x is negative, zero, or cannot be converted to a real value.

Example

Use log to compress request durations onto a natural log scale. Query 
['sample-http-logs']
| where req_duration_ms > 0
| extend log_duration = log(req_duration_ms)
| project _time, id, req_duration_ms, log_duration
Run in Playground Output
_timeidreq_duration_mslog_duration
2024-11-14 10:00:00user-11.00.0000
2024-11-14 10:01:00user-2100.04.6052
2024-11-14 10:02:00user-310000.09.2103
  • exp: Returns e^x. Use it as the inverse of log to return to the original scale.
  • log2: Returns the base-2 logarithm. Use it for binary-scale analysis such as bit depth or memory sizing.
  • log10: Returns the base-10 logarithm. Use it for order-of-magnitude analysis or decibel calculations.
  • loggamma: Returns the log of the absolute value of the gamma function. Use it to avoid overflow when computing gamma on large inputs.
  • sqrt: Returns the square root. Use it as a lighter alternative to log for compressing small value ranges.