Skip to main content
The series_fir function applies a Finite Impulse Response (FIR) filter to a numeric dynamic array (series) using a specified filter kernel. This function performs digital signal processing operations such as smoothing, noise reduction, and frequency filtering on time series data. You can use series_fir when you want to apply signal processing techniques to your time series data, such as smoothing noisy data, removing high-frequency noise, or implementing custom filtering operations. This is particularly useful for preprocessing data before analysis, removing artifacts, or extracting specific frequency components. Typical applications include sensor data processing, financial time series analysis, and performance monitoring where noise reduction is important.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, FIR filtering isn’t natively available and typically requires external tools or complex workarounds using statistical functions like movingavg or streamstats. Most Splunk users rely on simple moving averages for smoothing. In APL, series_fir provides direct access to sophisticated digital signal processing capabilities with custom filter kernels.
... | streamstats window=5 current=f avg(field) as smoothed_field
ANSI SQL does not provide FIR filtering functionality. Database systems typically require specialized extensions or external libraries for digital signal processing. Most SQL users rely on window functions with simple averages for smoothing. In APL, series_fir brings advanced signal processing capabilities directly into the query language.
SELECT AVG(value) OVER (ORDER BY timestamp ROWS BETWEEN 2 PRECEDING AND 2 FOLLOWING) AS smoothed_value
FROM measurements;

Usage

Syntax

series_fir(array, kernel)

Parameters

ParameterTypeDescription
arraydynamicA dynamic array of numeric values representing the input signal.
kerneldynamicA dynamic array of numeric values representing the FIR filter coefficients.

Returns

A dynamic array representing the filtered signal after applying the FIR filter.

Use case examples

  • Log analysis
  • OpenTelemetry traces
  • Security logs
In log analysis, you can use series_fir to smooth noisy request duration data using a moving average filter, which helps identify underlying performance trends.Query
['sample-http-logs']
| summarize durations = make_list(req_duration_ms) by id
| extend smoothed_durations = series_fir(durations, dynamic([0.2, 0.2, 0.2, 0.2, 0.2]))
Run in PlaygroundOutput
iddurationssmoothed_durations
u123[100, 120, 110, 130, 105][100, 110, 110, 115, 115]
u456[150, 140, 160, 135, 145][150, 145, 150, 147.5, 144]
This query applies a 5-point moving average filter to request durations, useful for smoothing out noise and identifying underlying performance trends.
  • series_fft: Performs Fast Fourier Transform on a series. Use for frequency domain analysis before applying filters.
  • series_ifft: Performs inverse FFT to convert frequency domain back to time domain. Use after frequency domain filtering.
  • series_fill_linear: Fills missing values using linear interpolation. Use for data preprocessing before filtering.
  • series_abs: Returns the absolute value of each element in an array. Use for analyzing filter output magnitudes.
  • series_cos: Returns the cosine of each element in an array. Use for generating filter kernels or analyzing periodic components.