Skip to main content
The series_log function computes the natural logarithm (base e) of each element in a numeric dynamic array (series). This performs element-wise logarithmic transformation across the entire series. You can use series_log when you need to apply logarithmic transformations to time-series data. This is particularly useful for normalizing exponentially distributed data, linearizing exponential growth patterns, compressing wide value ranges, or preparing data for analysis that assumes log-normal distributions.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, you typically use the log() function within an eval command to calculate logarithms. In APL, series_log applies the logarithm operation to every element in an array simultaneously.
... | eval log_value=log(value)
In SQL, you use the LOG() or LN() function to calculate natural logarithms on individual rows. In APL, series_log operates on entire arrays, applying the logarithm operation element-wise.
SELECT LN(value) AS log_value
FROM measurements;

Usage

Syntax

series_log(array)

Parameters

ParameterTypeDescription
arraydynamicA dynamic array of numeric values. Values must be positive.

Returns

A dynamic array where each element is the natural logarithm of the corresponding input element. Returns null for non-positive values.

Use case examples

  • Log analysis
  • OpenTelemetry traces
  • Security logs
In log analysis, you can use series_log to normalize request durations that follow an exponential distribution, making patterns easier to visualize and analyze.Query
['sample-http-logs']
| summarize durations = make_list(req_duration_ms) by id
| extend log_durations = series_log(durations)
| take 5
Run in PlaygroundOutput
iddurationslog_durations
u123[50, 100, 500, 1000][3.91, 4.61, 6.21, 6.91]
u456[25, 75, 200, 800][3.22, 4.32, 5.30, 6.68]
This query applies logarithmic transformation to request durations, compressing the range and making it easier to compare values across different scales.
  • series_pow: Raises series elements to a power. Use as the inverse operation to logarithms when working with exponentials.
  • series_abs: Returns the absolute value of each element. Use before series_log to ensure positive values.
  • series_magnitude: Computes the magnitude of a series. Use when you need Euclidean norm instead of logarithmic transformation.
  • log: Scalar function for single values. Use for individual calculations instead of array operations.