varianceif
This page explains how to use the varianceif aggregation function in APL.
The varianceif aggregation in APL calculates the variance of values that meet a specified condition. This is useful when you want to understand the variability of a subset of data without considering all data points. For example, you can use varianceif to compute the variance of request durations for HTTP requests that resulted in a specific status code or to track anomalies in trace durations for a particular service.
You can use the varianceif aggregation when analyzing logs, telemetry data, or security events where conditions on subsets of the data are critical to your analysis.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL users
Splunk SPL users
In Splunk, you would use the eval function to filter data and calculate variance for specific conditions. In APL, varianceif combines the filtering and aggregation into a single function, making your queries more concise.
ANSI SQL users
ANSI SQL users
In ANSI SQL, you typically use a CASE statement to apply conditional logic and then compute the variance. In APL, varianceif simplifies this by combining both the condition and the aggregation.
Usage
Syntax
Parameters
Expr: The expression (numeric) for which you want to calculate the variance.Predicate: A boolean condition that determines which records to include in the calculation.
Returns
Returns the variance of Expr for the records where the Predicate is true. If no records match the condition, it returns null.
Use case examples
You can use the varianceif function to calculate the variance of HTTP request durations for requests that succeeded (status == '200').
Query
Output
| varianceif_req_duration_ms |
|---|
| 15.6 |
This query calculates the variance of request durations for all HTTP requests that returned a status code of 200 (successful requests).
You can use the varianceif function to calculate the variance of HTTP request durations for requests that succeeded (status == '200').
Query
Output
| varianceif_req_duration_ms |
|---|
| 15.6 |
This query calculates the variance of request durations for all HTTP requests that returned a status code of 200 (successful requests).
You can use the varianceif function to monitor the variance in span durations for a specific service, such as the frontend service.
Query
Output
| varianceif_duration |
|---|
| 32.7 |
This query calculates the variance in the duration of spans generated by the frontend service.
The varianceif function can also be used to track the variance in request durations for requests from a specific geographic region, such as requests from geo.country == 'United States'.
Query
Output
| varianceif_req_duration_ms |
|---|
| 22.9 |
This query calculates the variance in request durations for requests originating from the United States.
List of related aggregations
- avgif: Computes the average value of an expression for records that match a given condition. Use
avgifwhen you want the average instead of variance. - sumif: Returns the sum of values that meet a specified condition. Use
sumifwhen you’re interested in totals, not variance. - stdevif: Returns the standard deviation of values based on a condition. Use
stdevifwhen you want to measure dispersion using standard deviation instead of variance.