count_distinct() (aggregation function) - (preview)

Applies to: ✅ Azure Data ExplorerAzure MonitorMicrosoft Sentinel

Counts unique values specified by the scalar expression per summary group, or the total number of unique values if the summary group is omitted.

Null values are ignored and don't factor into the calculation.

Note

This function is used in conjunction with the summarize operator.

If you only need an estimation of unique values count, we recommend using the less resource-consuming dcount aggregation function.

To count only records for which a predicate returns true, use the count_distinctif aggregation function.

Note

  • This function is limited to 100M unique values. An attempt to apply the function on an expression returning too many values will produce a runtime error (HRESULT: 0x80DA0012).
  • Function performance can be degraded when operating on multiple data sources from different clusters.

Syntax

count_distinct (expr)

Learn more about syntax conventions.

Parameters

Name Type Required Description
expr scalar ✔️ The expression whose unique values are to be counted.

Returns

Long integer value indicating the number of unique values of expr per summary group.

Example

This example shows how many types of storm events happened in each state.

  • Function performance can be degraded when operating on multiple data sources from different clusters.
StormEvents
| summarize UniqueEvents=count_distinct(EventType) by State
| top 5 by UniqueEvents

Output

State UniqueEvents
TEXAS 27
CALIFORNIA 26
PENNSYLVANIA 25
GEORGIA 24
NORTH CAROLINA 23