On This Page

/ / / / /

list

The list aggregation function returns the list of values of Expression across the group.

Use this function with the summarize, eventstats, and timestats operators.

Syntax

list( Expression [, Max ] )

Arguments

Expression: Expression used for aggregation calculation. Wildcards are not supported for field names.
Max: An integer that limits the number of values returned. The default is 100. If set to 0, all values are returned.

Examples

This example lists methods (HTTP verbs) on API requests, up to a limit:

dataset="cribl_search_sample" dataSource=access*
| limit 1000 
| summarize list(request_method)

Run in Cribl Search

Previous

Previous

Next

Next