Grouped Aggregates
When a grouping parameter is provided, objects are divided into sets based on the distinct values created by the grouping expression. A separate metric value is computed for each group. Example:
GET /LogDepot/AppLogs/_aggregate?m=COUNT(*)&q=UserSID='S-1-5-18'&f=EventID
This query searches for AppLogs objects whose UserSID field equals the value S-1-5-18. Results are divided into groups based on the EventID field. A typical JSON result is shown below:
{"results": {
   "aggregate": {
      "metric": "COUNT(*)",
      "query": "UserSID='S-1-5-18'",
      "group": "EventID"
   },
   "totalobjects": "172274",
   "summary": "172274",
   "totalgroups": "19",
   "groups": [
      {"group": {
         "metric": "1",
         "field": {"EventID": "512"}
      }},
      {"group": {
         "metric": "7",
         "field": {"EventID": "514"}
      }},
      ...
      {"group": {
         "metric": "1",
         "field": {"EventID": "806"}
      }}
   ]
}}
For grouped aggregate queries, the results element contains a groups element, which contains one group element for each group value. Each group contains the field name and value for that group and the corresponding metric value. The totalobjects value is the number of objects selected in the computation. The summary value is the metric value computed across all selected objects independent of groups, which, for COUNT(*), is the same as the totalobjects value.
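The following is an added example, not part of the original documentation. It builds the request path for the query above with its parameters percent-encoded, and parses a grouped result into per-EventID counts, listing the least frequent EventIDs first as a log reviewer might for triage. The function names and the sample response values are constructed for illustration; the response shape follows the JSON shown above.

```python
import json
from urllib.parse import urlencode

def aggregate_path(app, table, metric, query, group_field):
    """Build the request path for a grouped aggregate query (m, q, f parameters)."""
    params = urlencode({"m": metric, "q": query, "f": group_field})
    return f"/{app}/{table}/_aggregate?{params}"

def parse_grouped(body):
    """Return (summary, totalobjects, {group value: metric}) from a grouped result."""
    results = json.loads(body)["results"]
    field = results["aggregate"]["group"]      # name of the grouping field
    groups = {}
    for entry in results["groups"]:
        g = entry["group"]
        # All values arrive as JSON strings; convert the COUNT(*) metric to int.
        groups[g["field"][field]] = int(g["metric"])
    return int(results["summary"]), int(results["totalobjects"]), groups

def rarest(groups, n):
    """Group values with the lowest counts first, ties broken by value."""
    return sorted(groups.items(), key=lambda kv: (kv[1], kv[0]))[:n]

# Constructed sample response in the shape shown above (counts are made up).
SAMPLE = """
{"results": {
   "aggregate": {"metric": "COUNT(*)", "query": "UserSID='S-1-5-18'", "group": "EventID"},
   "totalobjects": "9",
   "summary": "9",
   "totalgroups": "3",
   "groups": [
      {"group": {"metric": "1", "field": {"EventID": "512"}}},
      {"group": {"metric": "7", "field": {"EventID": "514"}}},
      {"group": {"metric": "1", "field": {"EventID": "806"}}}
   ]
}}
"""

if __name__ == "__main__":
    print("GET", aggregate_path("LogDepot", "AppLogs", "COUNT(*)",
                                "UserSID='S-1-5-18'", "EventID"))
    summary, total, groups = parse_grouped(SAMPLE)
    print("summary:", summary, "totalobjects:", total)
    for event_id, count in rarest(groups, 2):
        print(f"EventID {event_id}: {count}")
```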