The series_sum function in APL calculates the total of all numeric elements in a dynamic array. You use it when you have a series of values and you want to condense them into a single aggregate number. For example, if you create arrays of request durations or span times, series_sum lets you quickly compute the total across each series. This function is useful in scenarios such as:
  • Aggregating request latencies across sessions or users.
  • Summing the duration of spans in distributed traces.
  • Calculating total counts or values across arrays in security log analysis.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, you typically use the eval command with mvsum to sum values in a multivalue field. In APL, you use series_sum for the same purpose. Both functions collapse an array into a single scalar value.
... | eval total_duration = mvsum(req_duration_ms)
In SQL, you normally use SUM() as an aggregate over rows. If you want to sum elements inside an array, you must use functions such as UNNEST first. In APL, series_sum directly operates on dynamic arrays, so you don’t need to flatten them.
SELECT user_id, SUM(val) AS total
FROM my_table, UNNEST(values) AS val
GROUP BY user_id

Usage

Syntax

series_sum(array)

Parameters

ParameterTypeDescription
arraydynamic (array)The array of numeric values to sum.

Returns

A real value representing the sum of all numeric elements in the array. If the array is empty, the function returns 0.

Use case examples

When you want to calculate the total request duration per user across multiple requests.Query
['sample-http-logs']
| summarize durations = make_list(req_duration_ms) by id
| extend total_duration = series_sum(durations)
Run in PlaygroundOutput
iddurationstotal_duration
u123[120, 300, 50]470
u456[200, 150]350
This query collects request durations for each user, creates an array, and then sums the array to compute the total request time per user.
  • series_abs: Returns the absolute value of each element in an array. Use it to normalize negative values in arrays.
  • series_acos: Computes the arccosine of each element in an array. Use when you want the inverse cosine.
  • series_atan: Computes the arctangent of each element in an array. Use when you want the inverse tangent.
  • series_cos: Returns the cosine of each element in an array. Use it when analyzing cyclical data with a phase shift.
  • series_tan: Returns the tangent of each element in an array. Use it when you want to transform arrays with tangent-based periodicity.