Axiom Docs

The series_less function compares two numeric arrays element by element and returns a Boolean array. Each position in the result contains true if the element in the first array is less than the corresponding element in the second array, and false otherwise. You use series_less when you want to evaluate trends across sequences of numeric values. It is especially useful in time series analysis, anomaly detection, or comparing metrics side by side. For example, you can check if response times are decreasing compared to a baseline or if one service consistently performs faster than another.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Splunk SPL users

In Splunk SPL, comparisons across series typically rely on eval with conditional expressions or custom logic in combination with timechart. In contrast, APL provides specialized series_* functions like series_less to directly compare arrays element by element.

... | timechart avg(req_duration_ms) as avg_dur 
| eval faster = if(avg_dur < 200, true, false)

ANSI SQL users

In ANSI SQL, you normally compare scalar values rather than arrays. To compare sequences, you need to join tables with offsets or use window functions. In APL, series_less simplifies this by applying the comparison across arrays in a single step.

SELECT t1._time,
       CASE WHEN t1.req_duration_ms < t2.req_duration_ms THEN true ELSE false END AS is_less
FROM logs t1
JOIN logs t2
  ON t1._time = t2._time

Usage

Syntax

series_less(array1, array2)

Parameters

Parameter	Type	Description
`array1`	array	The first array of numeric values.
`array2`	array	The second array of numeric values. Must have the same length as `array1`.

Returns

An array of Boolean values. Each element is true if the corresponding element in array1 is less than the element in array2, otherwise false.

Use case examples

You want to check whether the average request duration in each city is less than a fixed threshold of 150 milliseconds.Query

['sample-http-logs'] | take 50 | make-series city_avg = avg(req_duration_ms) on _time step 1h by ['geo.city'] | extend threshold = dynamic([150, 150, 150]) | extend is_less = series_less(city_avg, threshold)

Run in PlaygroundOutput

geo.city	city_avg	threshold	is_less
London	[120, 90, 100]	[150, 150, 150]	[true, true, true]
Paris	[180, 200, 190]	[150, 150, 150]	[false, false, false]

This query shows whether each city’s request duration stays below a 150 ms threshold at each time step.

series_greater_equals: Compares two arrays and returns true when elements in the first array are greater than or equal to the second array.
series_greater: Compares two arrays and returns true where the first array element is greater than the second.
series_less_equals: Compares two arrays and returns true where the first array element is less than or equal to the second.
series_not_equals: Compares two arrays and returns true where elements are not equal.

Get started

Functions

Operators

Reference

Migration

series_less

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

Get started

Functions

Operators

Reference

Migration

​For users of other query languages

​Usage

​Syntax

​Parameters

​Returns

​Use case examples

​List of related functions

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

List of related functions