Tabular Operators

summarize operator

Produces a table that aggregates the content of the dataset.

Syntax

| summarize [[Column =] Aggregation [, ...]] [by [Column =] GroupExpression [, ...]]

Arguments

name	type	description
Field	string	Result Field Name
Aggregation	function	A call to an aggregation function such as min() or max(), with Field names as arguments.
GroupExpression	expression	A scalar expression that can reference the dataset

Returns

The input rows are arranged into groups having the same values of the by expressions.
Then the specified aggregation functions are computed over each group, producing a row for each group.
The result contains the by columns and also at least one column for each computed aggregate. (Some aggregation functions return multiple columns.)

Example

['http-logs']
| summarize topk(content_type, 20)

Run in playground->

['githubreleaseevent']
| summarize topk(repo, 20) by bin(_time, 24h)

Run in playground->

Returns a table that shows the heatmap in each interval [0, 30], [30, 20, 10], and so on. This example has a cell for HISTOGRAM(req_duration_ms).

['http-logs']
| summarize histogram(req_duration_ms, 30)

Run in playground->

['githubpushevent']
| where _time > ago(7d)
| where repo contains "axiom"
| summarize count(), numCommits=sum(size) by _time=bin(_time, 3h), repo
| take 100

Run in playground->

Tabular Operators

summarize operator

Syntax

Arguments

Returns

Example

Was this page helpful?

Resources

Company

Legal

Follow

Resources

Company

Legal