rate
This page explains how to use the rate aggregation function in APL.
The rate aggregation function in APL (Axiom Processing Language) helps you calculate the rate of change over a specific time interval. This is especially useful for scenarios where you need to monitor how frequently an event occurs or how a value changes over time. For example, you can use the rate function to track request rates in web logs or changes in metrics like CPU usage or memory consumption.
The rate function is useful for analyzing trends in time series data and identifying unusual spikes or drops in activity. It can help you understand patterns in logs, metrics, and traces over specific intervals, such as per minute, per second, or per hour.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Usage
Syntax
Parameters
field: The numeric field for which you want to calculate the rate.
Returns
Returns the rate of change or occurrence of the specified field over the time interval specified in the query.
Specify the time interval in the query in the following way:
- | summarize rate(field) calculates the rate value of the field over the entire query window.
- | summarize rate(field) by bin(_time, 1h) calculates the rate value of the field over a one-hour time window.
- | summarize rate(field) by bin_auto(_time) calculates the rate value of the field bucketed by an automatic time window computed by bin_auto().
Use two summarize statements to visualize the average rate over one minute per hour. For example:
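An added example of the two-stage pattern (not taken from the Axiom documentation), extended to flag hours that contain an unusual spike. The dataset name ['sample-http-logs'], the field resp_body_size_bytes, the output column names, and the threshold of 3 are assumptions.

```kusto
// Added example. Assumed names: dataset ['sample-http-logs'],
// numeric field resp_body_size_bytes. Adjust both to your own data.
['sample-http-logs']
// Stage 1: rate of response bytes, computed in one-minute bins.
| summarize bytes_rate = rate(resp_body_size_bytes) by bin(_time, 1m)
// Stage 2: roll the one-minute rates up into an hourly average and peak.
| summarize avg_rate = avg(bytes_rate), peak_rate = max(bytes_rate) by bin(_time, 1h)
// Skip empty hours so the ratio below is always defined.
| where avg_rate > 0
// Flag hours in which a single minute ran well above that hour's average.
| extend peak_to_avg = peak_rate / avg_rate
| where peak_to_avg > 3   // assumed threshold; tune against your baseline
| sort by peak_to_avg desc
```

Dropping the last four operators leaves the plain two-statement form: the average one-minute rate per hour.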
Use case examples
In this example, the rate aggregation calculates the rate of HTTP response sizes per second.
Query
Output
rate | _time |
---|---|
854 kB | 2024-01-01 12:00:00 |
635 kB | 2024-01-01 12:00:01 |
This query calculates the rate of HTTP response sizes per second.
List of related aggregations
- count: Returns the total number of records. Use count when you want an absolute total instead of a rate over time.
- sum: Returns the sum of values in a field. Use sum when you want to aggregate the total value, not its rate of change.
- avg: Returns the average value of a field. Use avg when you want to know the mean value rather than how it changes over time.
- max: Returns the maximum value of a field. Use max when you need to find the peak value instead of how often or quickly something occurs.
- min: Returns the minimum value of a field. Use min when you’re looking for the lowest value rather than a rate.