2018-09-05 18:19:49 -04:00
|
|
|
[role="xpack"]
|
|
|
|
[testenv="basic"]
|
|
|
|
[[sql-functions-aggs]]
|
|
|
|
=== Aggregate Functions
|
|
|
|
|
2018-12-11 05:29:44 -05:00
|
|
|
beta[]
|
|
|
|
|
2018-09-05 18:19:49 -04:00
|
|
|
Functions for computing a _single_ result from a set of input values.
|
|
|
|
{es-sql} supports aggregate functions only alongside <<sql-syntax-group-by,grouping>> (implicit or explicit).
|
|
|
|
|
|
|
|
==== General Purpose
|
|
|
|
|
|
|
|
[[sql-functions-aggs-avg]]
|
|
|
|
===== `AVG`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
AVG(numeric_field<1>)
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
*Input*:
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
<1> numeric field
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
*Output*: `double` numeric value
|
|
|
|
|
|
|
|
.Description:
|
|
|
|
|
|
|
|
Returns the https://en.wikipedia.org/wiki/Arithmetic_mean[Average] (arithmetic mean) of input values.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggAvg]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-count]]
|
|
|
|
===== `COUNT`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
COUNT(expression<1>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
|
|
|
|
|
|
|
<1> a field name, wildcard (`*`) or any numeric value
|
|
|
|
|
|
|
|
*Output*: numeric value
|
|
|
|
|
|
|
|
.Description:
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
Returns the total number (count) of input values.
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggCountStar]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-count-distinct]]
|
|
|
|
===== `COUNT(DISTINCT)`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
COUNT(DISTINCT field_name<1>)
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
*Input*:
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
<1> a field name
|
|
|
|
|
|
|
|
*Output*: numeric value
|
|
|
|
|
|
|
|
.Description:
|
|
|
|
|
|
|
|
Returns the total number of _distinct_ values in input values.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggCountDistinct]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-max]]
|
|
|
|
===== `MAX`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
MAX(field_name<1>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
|
|
|
|
|
|
|
<1> a numeric field
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
*Output*: same type as the input
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Description:
|
|
|
|
|
|
|
|
Returns the maximum value across input values in the field `field_name`.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggMax]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-min]]
|
|
|
|
===== `MIN`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
MIN(field_name<1>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
|
|
|
|
|
|
|
<1> a numeric field
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
*Output*: same type as the input
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Description:
|
|
|
|
|
|
|
|
Returns the minimum value across input values in the field `field_name`.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggMin]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-sum]]
|
|
|
|
===== `SUM`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
SUM(field_name<1>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
<1> a numeric field
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
*Output*: `bigint` for integer input, `double` for floating points
|
|
|
|
|
|
|
|
.Description:
|
|
|
|
|
|
|
|
Returns the sum of input values in the field `field_name`.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggSum]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
==== Statistics
|
|
|
|
|
|
|
|
[[sql-functions-aggs-kurtosis]]
|
|
|
|
===== `KURTOSIS`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
KURTOSIS(field_name<1>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
|
|
|
|
|
|
|
<1> a numeric field
|
|
|
|
|
|
|
|
*Output*: `double` numeric value
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Description:
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
https://en.wikipedia.org/wiki/Kurtosis[Quantify] the shape of the distribution of input values in the field `field_name`.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggKurtosis]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-percentile]]
|
|
|
|
===== `PERCENTILE`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
PERCENTILE(field_name<1>, numeric_exp<2>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
|
|
|
|
|
|
|
<1> a numeric field
|
|
|
|
<2> a numeric expression
|
|
|
|
|
|
|
|
*Output*: `double` numeric value
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Description:
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
Returns the nth https://en.wikipedia.org/wiki/Percentile[percentile] (represented by `numeric_exp` parameter)
|
|
|
|
of input values in the field `field_name`.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggPercentile]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-percentile-rank]]
|
|
|
|
===== `PERCENTILE_RANK`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
PERCENTILE_RANK(field_name<1>, numeric_exp<2>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
|
|
|
|
|
|
|
<1> a numeric field
|
|
|
|
<2> a numeric expression
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
*Output*: `double` numeric value
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Description:
|
|
|
|
|
|
|
|
Returns the nth https://en.wikipedia.org/wiki/Percentile_rank[percentile rank] (represented by `numeric_exp` parameter)
|
|
|
|
of input values in the field `field_name`.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggPercentileRank]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-skewness]]
|
|
|
|
===== `SKEWNESS`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
SKEWNESS(field_name<1>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
|
|
|
|
|
|
|
<1> a numeric field
|
|
|
|
|
|
|
|
*Output*: `double` numeric value
|
|
|
|
|
|
|
|
.Description:
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
https://en.wikipedia.org/wiki/Skewness[Quantify] the asymmetric distribution of input values in the field `field_name`.
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggSkewness]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-stddev-pop]]
|
|
|
|
===== `STDDEV_POP`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
STDDEV_POP(field_name<1>)
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
*Input*:
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
<1> a numeric field
|
|
|
|
|
|
|
|
*Output*: `double` numeric value
|
|
|
|
|
|
|
|
.Description:
|
|
|
|
|
|
|
|
Returns the https://en.wikipedia.org/wiki/Standard_deviations[population standard deviation] of input values in the field `field_name`.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggStddevPop]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-sum-squares]]
|
|
|
|
===== `SUM_OF_SQUARES`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
SUM_OF_SQUARES(field_name<1>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
|
|
|
|
|
|
|
<1> a numeric field
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
*Output*: `double` numeric value
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Description:
|
|
|
|
|
|
|
|
Returns the https://en.wikipedia.org/wiki/Total_sum_of_squares[sum of squares] of input values in the field `field_name`.
|
|
|
|
|
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggSumOfSquares]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
|
|
|
|
[[sql-functions-aggs-var-pop]]
|
|
|
|
===== `VAR_POP`
|
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
.Synopsis:
|
|
|
|
[source, sql]
|
|
|
|
--------------------------------------------------
|
|
|
|
VAR_POP(field_name<1>)
|
|
|
|
--------------------------------------------------
|
|
|
|
|
|
|
|
*Input*:
|
|
|
|
|
|
|
|
<1> a numeric field
|
|
|
|
|
|
|
|
*Output*: `double` numeric value
|
|
|
|
|
|
|
|
.Description:
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
Returns the https://en.wikipedia.org/wiki/Variance[population variance] of input values in the field `field_name`.
|
2018-09-05 18:19:49 -04:00
|
|
|
|
2018-12-21 16:25:54 -05:00
|
|
|
["source","sql",subs="attributes,macros"]
|
|
|
|
--------------------------------------------------
|
2018-09-05 18:19:49 -04:00
|
|
|
include-tagged::{sql-specs}/docs.csv-spec[aggVarPop]
|
2018-12-21 16:25:54 -05:00
|
|
|
--------------------------------------------------
|