The countif aggregation function in Axiom Processing Language (APL) counts the number of records that meet a specified condition. You can use this aggregation to filter records based on a specific condition and return a count of matching records. This is particularly useful for log analysis, security audits, and tracing events when you need to isolate and count specific data subsets. Use countif when you want to count occurrences of certain conditions, such as HTTP status codes, errors, or actions in telemetry traces.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Usage

Syntax

countif(condition)

Parameters

  • condition: A boolean expression that filters the records based on a condition. Only records where the condition evaluates to true are counted.

Returns

The function returns the number of records that match the specified condition.

Use case examples

In log analysis, you might want to count how many HTTP requests returned a 500 status code to detect server errors.Query
['sample-http-logs']
| summarize countif(status == '500')
Run in PlaygroundOutput
count_errors
72
This query counts the number of HTTP requests with a 500 status, helping you identify how many server errors occurred.
  • count: Counts all records in a dataset without applying a condition. Use this when you need the total count of records, regardless of any specific condition.
  • sumif: Adds up the values of a field for records that meet a specific condition. Use sumif when you want to sum values based on a filter.
  • dcountif: Counts distinct values of a field for records that meet a condition. This is helpful when you need to count unique occurrences.
  • avgif: Calculates the average value of a field for records that match a condition, useful for performance monitoring.
  • maxif: Returns the maximum value of a field for records that meet a condition. Use this when you want to find the highest value in filtered data.