The series_greater_equals function compares two numeric arrays element by element and returns a new array of Boolean values. Each element in the result is true if the corresponding element in the first array is greater than or equal to the corresponding element in the second array, and false otherwise. You use this function when you want to perform threshold comparisons across two series of values, such as checking performance metrics against baselines, comparing observed values to expected ranges, or evaluating time-aligned logs and traces.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, you typically perform comparisons on fields or with eval expressions rather than array-based functions. If you want to compare series of values, you usually use eval with conditional expressions, but SPL doesn’t provide direct array-to-array comparison. In APL, series_greater_equals lets you apply the comparison element by element on arrays.
... | eval greater_equals = if(field1 >= field2, true(), false())
ANSI SQL does not natively support array-to-array operations in the same way. You often need to UNNEST arrays or join on row numbers to compare values across two arrays. APL provides a direct function, series_greater_equals, that simplifies these operations by applying the comparison across the entire array at once.
-- SQL-style comparison would require unnesting
SELECT a.value >= b.value AS greater_equals
FROM UNNEST(ARRAY[2,4,6]) WITH ORDINALITY a(value, i)
JOIN UNNEST(ARRAY[1,4,10]) WITH ORDINALITY b(value, j)
  ON a.i = b.j

Usage

Syntax

series_greater_equals(array1, array2)

Parameters

ParameterTypeDescription
array1dynamic (array of numeric values)The first input array.
array2dynamic (array of numeric values)The second input array. Must be the same length as array1.

Returns

A dynamic array of Boolean values where each element is true if array1[i] >= array2[i], and false otherwise.

Use case examples

In log analysis, you can compare observed request durations against a threshold series to identify requests that are slower than expected.Query
['sample-http-logs']
| summarize durations = make_list(req_duration_ms) by id
| extend threshold = dynamic([100,100,100])
| extend exceeds = series_greater_equals(durations, threshold)
Run in PlaygroundOutput
iddurationsthresholdexceeds
u123[120,80,150][100,100,100][true,false,true]
This query groups request durations by user ID, builds a list of durations, and checks each against the threshold series of 100 ms.
  • series_greater: Compares two arrays and returns true where the first array element is greater than the second.
  • series_less: Compares two arrays and returns true where the first array element is less than the second.
  • series_less_equals: Compares two arrays and returns true where the first array element is less than or equal to the second.
  • series_not_equals: Compares two arrays and returns true where elements aren’t equal.