Axiom Docs

The series_greater function compares two numeric arrays (series) element by element and returns a new array of Boolean values. Each element in the result is true if the corresponding element in the first array is greater than the corresponding element in the second array, and false otherwise. You use this function when you want to evaluate pairwise comparisons across time series or numeric arrays. It is especially useful in scenarios such as anomaly detection, trend analysis, or validating thresholds against observed metrics.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Splunk SPL users

In Splunk SPL, comparisons are usually done across fields or using the eval command with conditional expressions. There is no direct equivalent to element-by-element array comparisons. In APL, series_greater performs this comparison across arrays in a single function call.

... | eval comparison = if(fieldA > fieldB, true(), false())

ANSI SQL users

In ANSI SQL, comparisons are scalar and operate on single values at a time. You usually need to use CASE statements for conditionals. SQL lacks a built-in function for element-wise array comparison. In APL, series_greater directly compares two arrays and returns an array of Boolean values.

SELECT CASE WHEN a > b THEN TRUE ELSE FALSE END as comparison
FROM numbers

Usage

Syntax

series_greater(array1, array2)

Parameters

Parameter	Type	Description
`array1`	dynamic (array)	The first array to compare.
`array2`	dynamic (array)	The second array to compare. Must be the same length as `array1`.

Returns

A dynamic array of Boolean values, where each element is true if the corresponding element in array1 is greater than the corresponding element in array2, and false otherwise.

Use case examples

When analyzing HTTP request durations, you can compare them against a fixed threshold to identify requests that exceed performance expectations.Query

['sample-http-logs']
| summarize durations = make_list(req_duration_ms) by id
| extend threshold = dynamic([200,200,200,200])
| extend above_threshold = series_greater(durations, threshold)

Run in PlaygroundOutput

id	durations	threshold	above_threshold
u123	[180,220,150,300]	[200,200,200,200]	[false,true,false,true]

This query shows which requests for a given user exceed a threshold of 200 ms.

series_greater_equals: Compares two arrays and returns true when elements in the first array are greater than or equal to the second array.
series_less: Compares two arrays and returns true where the first array element is less than the second.
series_less_equals: Compares two arrays and returns true where the first array element is less than or equal to the second.
series_not_equals: Compares two arrays and returns true where elements are not equal.

Get started

Functions

Operators

Reference

Migration

series_greater

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

Get started

Functions

Operators

Reference

Migration

​For users of other query languages

​Usage

​Syntax

​Parameters

​Returns

​Use case examples

​List of related functions

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

List of related functions