every
Table of Contents
Function
every — bucket ts
using a duration
Synopsis
every(d: duration) -> time
Description
The every function is a shortcut for bucket(ts, d)
.
This provides a convenient binning function for aggregations
when analyzing time-series data like logs that have a ts
field.
Examples
Operate on a sequence of times:
yield {ts,val:0},{ts:ts+1s},{ts:ts+2h2s}
| yield every(1h)
| sort
{ts:2021-02-01T12:00:01Z}
Loading...
Use as a group-by key:
yield {ts,val:1},{ts:ts+1s,val:2},{ts:ts+2h2s,val:5}
| sum(val) by every(1h)
| sort
{ts:2021-02-01T12:00:01Z}
Loading...