Skip to main content
The series_equals function compares each element in a numeric dynamic array (series) to a specified value and returns a boolean array indicating which elements are equal to that value. This function is useful for filtering, conditional analysis, and identifying specific values within time series data. You can use series_equals when you want to identify occurrences of specific values in your data, such as finding exact matches for thresholds, status codes, or target values. Typical applications include anomaly detection, data validation, and conditional processing of time series data.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, equality comparisons are typically done with the eval function and comparison operators like ==. To compare multiple values, you usually need to expand arrays and apply comparisons row by row. In APL, series_equals works directly on dynamic arrays, making it efficient for series-wide comparisons.
... | eval is_target=(duration==200)
In SQL, equality comparisons use the = operator, but this only works on single values, not arrays. To compare array elements, you typically need to unnest arrays and apply comparisons row by row. In APL, series_equals eliminates this complexity by directly comparing each element in an array to a target value.
SELECT CASE WHEN duration = 200 THEN 1 ELSE 0 END AS is_target
FROM requests;

Usage

Syntax

series_equals(array, value)

Parameters

ParameterTypeDescription
arraydynamicA dynamic array of real numeric values.
valuenumericThe value to compare against each array element.

Returns

A dynamic array of boolean values where each element indicates whether the corresponding input element equals the specified value.

Use case examples

  • Log analysis
  • OpenTelemetry traces
  • Security logs
In log analysis, you can use series_equals to identify requests that match specific duration thresholds or status codes across multiple requests per user.Query
['sample-http-logs']
| summarize durations = make_list(req_duration_ms) by id
| extend is_200ms = series_equals(durations, 200)
Run in PlaygroundOutput
iddurationsis_200ms
u123[150, 200, 250][false, true, false]
u456[200, 200, 180][true, true, false]
This query identifies which request durations exactly equal 200ms for each user, useful for finding requests that hit specific performance targets.
  • series_greater: Returns elements greater than a specified value. Use when you need threshold-based filtering instead of exact matches.
  • series_greater_equals: Returns elements greater than or equal to a specified value. Use for inclusive threshold comparisons.
  • series_less: Returns elements less than a specified value. Use for lower-bound filtering.
  • series_less_equals: Returns elements less than or equal to a specified value. Use for inclusive lower-bound comparisons.
  • series_not_equals: Returns elements not equal to a specified value. Use for exclusion-based filtering.