Calls the named function on a field over a set of events. Result is returned in field named _function for the selected function. This allows having the function name as a dashboard parameter.
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| function | string | Yes | Function to run. | |
| field | string | Yes | Field to extract a number from and calculate function over. | |
| as | string | No | Name of output field. Defaults to _function |
function is the unnamed parameter.
Find the average bytes sent in http responses using callFunction( ) rather than using avg directly.
avg_sent:=callFunction("avg", field=bytes_sent)
Use a query parameter (i.e., ?function) to select the aggregation function for a timechart( ). This is useful for dashboard widgets.
timechart(function=[callFunction(?{function=count}, field=value)])