countif() (aggregation function)
Returns a count of rows for which Predicate evaluates to true. Can be used only in the context of aggregation inside summarize.
Syntax
countif (Predicate)
Arguments
Predicate: Expression that will be used for the aggregation calculation. Predicate can be any scalar expression with a return type of bool (evaluating to true/false).
Example
This query returns a count of rows for which Predicate evaluates to true. Notice that the rows that do not match the predicate are still returned, but their records were not counted.
events
| project severity, original_time
| where original_time > ago(24h)
| summarize EventCount=countif(severity > 6) by EventSeverity=severity
| order by EventSeverity desc
Results
| EventSeverity | EventCount |
|---|---|
| 10 | 245015 |
| 9 | 1401646 |
| 8 | 360175 |
| 6 | 0 |
| 5 | 0 |
| 4 | 0 |
| 3 | 0 |
| 2 | 0 |
| 1 | 0 |
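The following is an added example, not part of the original page: it puts countif() next to count() in a single summarize to get a per-source share of high-severity events, which a preceding where filter cannot produce. It assumes the Kusto datatable operator is available; log_source is a hypothetical column and the rows are constructed sample data.

```kusto
// Constructed sample rows. log_source is a hypothetical column;
// severity is the column used in the page's own query.
datatable(log_source:string, severity:int)
[
    "fw-01", 9,
    "fw-01", 3,
    "fw-01", 10,
    "fw-01", 2,
    "vpn-01", 4,
    "vpn-01", 5,
    "ids-01", 8,
    "ids-01", 9
]
// count() and countif() share the same grouping, so every log source keeps
// its row even when none of its events satisfies the predicate.
| summarize TotalEvents = count(), HighSeverity = countif(severity > 6) by log_source
// 100.0 forces real-number division so the percentage is not truncated.
| extend HighSeverityPct = round(100.0 * HighSeverity / TotalEvents, 1)
| order by HighSeverityPct desc
// Contrast: "| where severity > 6 | summarize count() by log_source"
// filters rows before grouping, so vpn-01 would disappear from the result
// instead of being reported with a count of 0.
```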
See also
count() function, which counts rows without a predicate expression.