Function: Multi-bucket and -dimension aggregation

Overview

Description

This function computes aggregates over events grouped by specified fields. You specify the fields to use for grouping, the field whose value is aggregated, and the aggregate type: sum, minimum, maximum, average, or count. You can also set the time interval during which aggregates are counted. If the time interval has ended but not all events have been processed, aggregates will not be counted for subsequent events.
The function has 2 outputs: the output 'out' carries the original event, and the output 'agg' carries an event with the aggregates.
The resulting aggregate event consists of the following fields:

  • timestamp: time when an event with aggregates was created
  • field: the field for which aggregates were calculated
  • interval: the time interval during which aggregates were counted
  • dimension: dimensions used for grouping
  • values: aggregates with their value
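
The following is an added sketch of the behaviour described above, not the product's own code: it passes every event through on 'out' and emits one 'agg' event per dimension group when an interval closes. The class and function names, the `ts` event field, the tumbling-window semantics, the key names inside `values`, and the sample events are all assumptions made for illustration; the rule about events left unprocessed at the end of an interval is not modelled.

```python
from collections import defaultdict

AGGS = {"sum": sum, "min": min, "max": max, "count": len,
        "avg": lambda v: sum(v) / len(v)}

class BucketAggregator:
    """Assumed tumbling-window model of the function (hypothetical names)."""

    def __init__(self, field, dimensions, agg_types, interval):
        self.field, self.dimensions = field, dimensions
        self.agg_types, self.interval = agg_types, interval
        self.window_start = None
        self.buckets = defaultdict(list)  # dimension values -> field values

    def flush(self, now):
        """Build one 'agg' event per dimension group and reset the window."""
        events = [{
            "timestamp": now,                 # when the aggregate was created
            "field": self.field,
            "interval": self.interval,
            "dimension": dict(zip(self.dimensions, key)),
            "values": {a: AGGS[a](vals) for a in self.agg_types},
        } for key, vals in self.buckets.items()]
        self.buckets.clear()
        return events

    def process(self, event):
        """Return (out, agg): the original event plus any aggregate events."""
        ts, agg = event["ts"], []
        if self.window_start is None:
            self.window_start = ts
        elif ts - self.window_start >= self.interval:
            agg = self.flush(ts)              # interval ended: emit aggregates
            self.window_start = ts
        key = tuple(event.get(d) for d in self.dimensions)
        self.buckets[key].append(event[self.field])
        return event, agg

def run(events, **cfg):
    node, out, agg = BucketAggregator(**cfg), [], []
    for e in events:
        o, a = node.process(e)
        out.append(o)
        agg.extend(a)
    agg.extend(node.flush(events[-1]["ts"]))  # close the final window
    return out, agg

# Constructed sample: firewall events, bytes grouped by source IP and action.
SAMPLE = [
    {"ts": 0,  "src_ip": "10.0.0.5", "action": "deny",  "bytes": 100},
    {"ts": 10, "src_ip": "10.0.0.5", "action": "deny",  "bytes": 300},
    {"ts": 20, "src_ip": "10.0.0.9", "action": "allow", "bytes": 50},
    {"ts": 65, "src_ip": "10.0.0.5", "action": "deny",  "bytes": 40},
]
```

Calling `run(SAMPLE, field="bytes", dimensions=["src_ip", "action"], agg_types=["sum", "max", "count", "avg"], interval=60)` returns the four original events and three aggregate events: two for the first 60-second window and one for the window that starts at `ts` 65.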

Function Schema

Examples