Humio Library → Reference → Query Functions → count()

count( ) Query Function

Counts events streaming through the function. Result is put in a field named _count.

It’s possible to specify a field, and only events containing that field is counted. It’s also possible to do a distinct count. When having many distinct values Humio will not try to keep them all in memory. Estimation is then used and the result will not be a precise match.

Parameters

Name	Type	Required	Default	Description
field	string	No		Only events with this field is counted.
distinct	bool	No		Counts distinct values. When having many distinct values Humio uses estimation and the result is not exact.
as	string	No	_count	Name of output field.

field is the unnamed parameter.

Examples

Below are several examples using the count( ) function. Some are simple and others are more complex, with functions embedded within others.

Count All Events

Below is a simple example using the count( ) function. The query just counts the number of events found in the respository for the period of time selected. See Figure 1 here for how this query is entered (see highlighted text) and how the results may look.

count()

The results may be surprising, but what you see in Figure 1 is correct. The results is just a single number, the total count; this is how it displays it.

Group & Count

Figure 2, Grouping & Counting HTTP Methods

In this example, the query uses the count( ) function within the groupBy( ) function. The first parameter given is the field upon which to group the data. In this case, it’s the http method (e.g., GET, PUT, POST). The second parameter says to use the function count( ) to count the number occurences for each method found.

groupby(field=method, function=count())

Figure 2 here shows how this query would be entered on the Search page for a repository — see the highlighted text. It shows in the results a table with the column headings, method and _count, with the values for each.

Chart of Daily Counts

You can use the count( ) function in conjunction with the timeChart( ) function to count the number occurences of events or other factors. By default, the timeChart( ) function will aggregate the data by day. The results will look something like what you see in the screenshot shown in Figure 3 here.

timechart(function=count())

Chart of Daily Counts

When a user accesses a web site, the event is logged wiht a status code. For instance, the status code 200 is returned when the request is successful, and 404 when the page is not found. To get a list of status codes returned and a count of each for a given period, you would enter something like the following in the query input box:

count(field=statuscode)

You can see an example of this query in Figure 4 here. Notice that in the results there is a table with the column headings statuscode and _count, and the values for each status code in the rows below them.