Axiom Docs

The stdevif aggregation function in APL computes the standard deviation of values in a group based on a specified condition. This is useful when you want to calculate variability in data, but only for rows that meet a particular condition. For example, you can use stdevif to find the standard deviation of response times in an HTTP log, but only for requests that resulted in a 200 status code. The stdevif function is useful when you want to analyze the spread of data values filtered by specific criteria, such as analyzing request durations in successful transactions or monitoring trace durations of specific services in OpenTelemetry data.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Splunk SPL users

In Splunk SPL, the stdev function is used to calculate the standard deviation, but you need to use an if function or a where clause to filter data. APL simplifies this by combining both operations in stdevif.

| stats stdev(req_duration_ms) as stdev_req where status="200"

ANSI SQL users

In ANSI SQL, the STDDEV function is used to compute the standard deviation, but it requires the use of a CASE WHEN expression to apply a conditional filter. APL integrates the condition directly into the stdevif function.

SELECT STDDEV(CASE WHEN status = '200' THEN req_duration_ms END)
FROM sample_http_logs
GROUP BY geo.country;

Usage

Syntax

summarize stdevif(column, condition)

Parameters

column: The column that contains the numeric values for which you want to calculate the standard deviation.
condition: The condition that must be true for the values to be included in the standard deviation calculation.

Returns

The stdevif function returns a floating-point number representing the standard deviation of the specified column for the rows that satisfy the condition.

Use case examples

In this example, you calculate the standard deviation of request durations (req_duration_ms), but only for successful HTTP requests (status code 200).Query

['sample-http-logs']
| summarize stdevif(req_duration_ms, status == '200') by ['geo.country']

Run in PlaygroundOutput

geo.country	stdev_req_duration_ms
US	120.45
Canada	98.77
Germany	134.92

This query calculates the standard deviation of request durations for HTTP 200 responses, grouped by country.

avgif: Similar to stdevif, but instead of calculating the standard deviation, avgif computes the average of values that meet the condition.
sumif: Computes the sum of values that meet the condition. Use sumif when you want to aggregate total values instead of analyzing data spread.
varianceif: Returns the variance of values that meet the condition, which is a measure of how spread out the data points are.
countif: Counts the number of rows that satisfy the specified condition.
minif: Retrieves the minimum value that satisfies the given condition, useful when finding the smallest value in filtered data.

Get started

Functions

Operators

Reference

Migration

stdevif

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

Get started

Functions

Operators

Reference

Migration

​For users of other query languages

​Usage

​Syntax

​Parameters

​Returns

​Use case examples

​List of related aggregations

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

List of related aggregations