This page explains how to use the order operator in APL.
The order operator in Axiom Processing Language (APL) allows you to sort the rows of a result set by one or more specified fields. You can use this operator to organize data for easier interpretation, prioritize specific values, or prepare data for subsequent analysis steps. The order operator is particularly useful when working with logs, telemetry data, or any dataset where ranking or sorting by values (such as time, status, or user ID) is necessary.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Usage
Syntax
Parameters
FieldName: The name of the field by which to sort.asc: Sorts the field in ascending order.desc: Sorts the field in descending order.
Returns
The order operator returns the input dataset, sorted according to the specified fields and order (ascending or descending). If multiple fields are specified, sorting is done based on the first field, then by the second if values in the first field are equal, and so on.
Use case examples
In this example, you sort HTTP logs by request duration in descending order to prioritize the longest requests.
Query
Output
| _time | req_duration_ms | id | status | uri | method | geo.city | geo.country |
|---|---|---|---|---|---|---|---|
| 2024-10-17 10:10:01 | 1500 | user12 | 200 | /api/v1/get-orders | GET | Seattle | US |
| 2024-10-17 10:09:47 | 1350 | user23 | 404 | /api/v1/get-products | GET | New York | US |
| 2024-10-17 10:08:21 | 1200 | user45 | 500 | /api/v1/post-order | POST | London | UK |
This query sorts the logs by request duration, helping you identify which requests are taking the most time to complete.
In this example, you sort HTTP logs by request duration in descending order to prioritize the longest requests.
Query
Output
| _time | req_duration_ms | id | status | uri | method | geo.city | geo.country |
|---|---|---|---|---|---|---|---|
| 2024-10-17 10:10:01 | 1500 | user12 | 200 | /api/v1/get-orders | GET | Seattle | US |
| 2024-10-17 10:09:47 | 1350 | user23 | 404 | /api/v1/get-products | GET | New York | US |
| 2024-10-17 10:08:21 | 1200 | user45 | 500 | /api/v1/post-order | POST | London | UK |
This query sorts the logs by request duration, helping you identify which requests are taking the most time to complete.
In this example, you sort OpenTelemetry trace data by span duration in descending order, which helps you identify the longest-running spans across your services.
Query
Output
| _time | duration | span_id | trace_id | service.name | kind | status_code |
|---|---|---|---|---|---|---|
| 2024-10-17 10:10:01 | 15.3s | span4567 | trace123 | frontend | server | 200 |
| 2024-10-17 10:09:47 | 12.4s | span8910 | trace789 | checkoutservice | client | 200 |
| 2024-10-17 10:08:21 | 10.7s | span1112 | trace456 | productcatalogservice | server | 500 |
This query helps you detect performance bottlenecks by sorting spans based on their duration.
In this example, you analyze security logs by sorting them by time to view the most recent logs.
Query
Output
| _time | req_duration_ms | id | status | uri | method | geo.city | geo.country |
|---|---|---|---|---|---|---|---|
| 2024-10-17 10:10:01 | 300 | user34 | 200 | /api/v1/login | POST | Berlin | DE |
| 2024-10-17 10:09:47 | 150 | user78 | 401 | /api/v1/get-profile | GET | Paris | FR |
| 2024-10-17 10:08:21 | 200 | user56 | 500 | /api/v1/update-profile | PUT | Madrid | ES |
This query sorts the security logs by time to display the most recent log entries first, helping you quickly review recent security events.
List of related operators
- top: The
topoperator returns the top N records based on a specific sorting criteria, which is similar toorderbut only retrieves a fixed number of results. - summarize: The
summarizeoperator groups data and often works in combination withorderto rank summarized values. - extend: The
extendoperator can be used to create calculated fields, which can then be used as sorting criteria in theorderoperator.