Skip to main content
The series_add function performs element-wise addition between two dynamic arrays (series) of numeric values. It adds corresponding elements from both arrays and returns a new array containing the results. This function is useful when you need to combine or aggregate data from multiple time series or when performing mathematical operations across parallel datasets. You can use series_add when you want to combine metrics from different sources, calculate cumulative values, or perform mathematical transformations on time-series data. Common applications include merging performance metrics, calculating total resource usage, and combining error rates from multiple services.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, you typically use the eval command with mathematical operators to add values. However, adding arrays element-wise requires more complex operations. In APL, series_add directly performs element-wise addition on dynamic arrays.
... | eval combined_value = field1 + field2
In SQL, you add individual values using the + operator, but there’s no built-in function for element-wise array addition. You would need to unnest arrays and perform complex joins. In APL, series_add handles this operation directly on dynamic arrays.
SELECT value1 + value2 AS sum_value
FROM my_table;

Usage

Syntax

series_add(array1, array2)

Parameters

ParameterTypeDescription
array1dynamicThe first dynamic array of numeric values.
array2dynamicThe second dynamic array of numeric values.

Returns

A dynamic array where each element is the sum of the corresponding elements from array1 and array2. If the arrays have different lengths, the result array has the length of the shorter array.

Use case examples

  • Log analysis
  • OpenTelemetry traces
  • Security logs
In log analysis, you can use series_add to combine request durations from different processing stages to calculate total processing time.Query
['sample-http-logs']
| summarize stage1_durations = make_list(req_duration_ms), stage2_durations = make_list(req_duration_ms * 0.3) by id
| extend total_durations = series_add(stage1_durations, stage2_durations)
Run in PlaygroundOutput
idstage1_durationsstage2_durationstotal_durations
u123[100, 200, 150][30, 60, 45][130, 260, 195]
u456[80, 120][24, 36][104, 156]
This query combines processing durations from two stages to calculate the total processing time for each user’s requests.
  • series_abs: Returns the absolute value of each element in an array. Use when you need to remove negative signs without rounding.
  • series_cosine_similarity: Calculates cosine similarity between two arrays. Use when you need normalized similarity measures rather than raw dot products.
  • series_divide: Performs element-wise division between two arrays. Use when you need to calculate ratios or normalize values.
  • series_dot_product: Calculates the dot product between two arrays. Use when you need the raw dot product value rather than normalized similarity.
  • series_sum: Calculates the sum of all elements in a single array. Use when you need to sum elements within one array rather than computing dot products.