Version: 4.2.0

aggregate Command

The aggregate command aggregates query results over given properties and applies the defined aggregation functions.

Usage

aggregate [<group_props>:] <functions>

Parameters

| Parameter | Description | Required? | Default Value |
| --- | --- | --- | --- |
| group_props | Comma-delimited list of grouping properties | | |
| functions | Comma-delimited list of grouping functions to be applied on every result node | ✔️ | |

Each grouping variable can have an as <name> clause to give the variable a specific name: <path_to_prop> as <name>. If this as <name> clause is omitted, a name is derived from the property path.

The following functions are supported:

| Function | Description |
| --- | --- |
| sum(x) | Sum x over all incoming elements. x can be a static value or the path to a property. |
| min(x) | Return the smallest seen x over all incoming elements. |
| max(x) | Return the biggest seen x over all incoming elements. |
| avg(x) | Compute the average over all x. |

Function arguments can be variable names (e.g., min(path.to.prop)), static values (e.g., sum(1)), or even calculations using simple expressions (min(path.to.prop * 3 + 2)).

Each grouping function can have an as <name> clause to give the function result a specific name: <function>(..) as <name>. If this as <name> clause is omitted, a name is derived from the function name and property path.

Examples

Count volumes in the system, grouped by kind

> search is(volume) | aggregate kind as kind: sum(1) as count
group:
  kind: aws_ec2_volume
count: 1799
---
group:
  kind: gcp_disk
count: 1100

Count volumes and compute total volume size, grouped by kind

> search is(volume) | aggregate kind: sum(volume_size) as summed, sum(1) as count
group:
  kind: aws_ec2_volume
summed: 130903
count: 1799
---
group:
  kind: gcp_disk
summed: 23930
count: 1100

Count volumes and compute total volume size

> search is(volume) | aggregate sum(volume_size) as summed, sum(1) as count
summed: 154833
count: 2899

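The grouping and function semantics described above, modeled in Python over a few constructed nodes. This is an added illustration, not the project's own code: the `aggregate` and `resolve` helpers, the sample data and the choice to skip nodes that lack a property are assumptions of this sketch.

```python
from collections import defaultdict

# Constructed sample nodes; property names follow the page's examples.
VOLUMES = [
    {"kind": "aws_ec2_volume", "volume_size": 100},
    {"kind": "aws_ec2_volume", "volume_size": 50},
    {"kind": "gcp_disk", "volume_size": 20},
    {"kind": "gcp_disk"},  # volume_size missing on this node
]

REDUCERS = {"sum": sum, "min": min, "max": max,
            "avg": lambda xs: sum(xs) / len(xs)}

def resolve(node, path):
    """Follow a dotted property path; None if any segment is absent."""
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def aggregate(nodes, group_props, functions):
    """Model of `aggregate <group_props>: <functions>`.

    group_props: {name: property_path}
    functions:   {name: (function, arg)}; arg is a property path (str)
                 or a static number such as the 1 in sum(1).
    """
    buckets = defaultdict(lambda: defaultdict(list))
    for node in nodes:
        key = tuple(resolve(node, p) for p in group_props.values())
        bucket = buckets[key]  # create the group even if nothing is collected
        for name, (_, arg) in functions.items():
            value = resolve(node, arg) if isinstance(arg, str) else arg
            if value is not None:  # assumption of this sketch: skip missing
                bucket[name].append(value)
    results = []
    for key, bucket in buckets.items():
        row = {"group": dict(zip(group_props, key))} if group_props else {}
        for name, (fn, _) in functions.items():
            row[name] = REDUCERS[fn](bucket[name]) if bucket[name] else None
        results.append(row)
    return results

if __name__ == "__main__":
    for row in aggregate(VOLUMES, {"kind": "kind"},
                         {"summed": ("sum", "volume_size"), "count": ("sum", 1)}):
        print(row)
```

Because `sum(1)` adds a static 1 for every incoming node, it counts nodes regardless of whether they carry the summed property, which is why `count` and `summed` can cover different numbers of nodes in the same group.
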
Further Reading