count

The count aggregation in APL returns the total number of records in a dataset or the total number of records that match specific criteria. This function is useful when you need to quantify occurrences, such as counting log entries, user actions, or security events.

When to use count:

• To count the total number of events in log analysis, such as the number of HTTP requests or errors.
• To monitor system usage, such as the number of transactions or API calls.
• To identify security incidents by counting failed login attempts or suspicious activities.

​

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

​

Usage

​

Syntax

summarize count() [by GroupingColumn]

​

Parameters

• GroupingColumn (optional): A column to group the count results by. If not specified, the total number of records across the dataset is returned.

​

Returns

• A table with the count of records for the entire dataset or grouped by the specified column.

​

Use case examples

['sample-http-logs']
| summarize count() by status

['sample-http-logs']
| summarize count() by status

['otel-demo-traces']
| summarize count() by ['service.name']

['sample-http-logs']
| summarize count() by ['geo.country']

​

List of related aggregations

• sum: Use sum to calculate the total sum of a numeric field, as opposed to counting the number of records.
• avg: The avg function calculates the average of a numeric field. Use it when you want to determine the mean value of data instead of the count.
• min: The min function returns the minimum value of a numeric field, helping to identify the smallest value in a dataset.
• max: The max function returns the maximum value of a numeric field, useful for identifying the largest value.
• countif: The countif function allows you to count only records that meet specific conditions, giving you more flexibility in your count queries.