count_distinctif() (aggregation function) - (preview)
Applies to: ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Conditionally counts unique values specified by the scalar expression per summary group, or the total number of unique values if the summary group is omitted. Only records for which predicate evaluates to true
are counted.
Note
This function is used in conjunction with the summarize operator.
If you only need an estimation of unique values count, we recommend using the less resource-consuming dcountif aggregation function.
Note
- This function is limited to 100M unique values. An attempt to apply the function on an expression returning too many values will produce a runtime error (HRESULT: 0x80DA0012).
- Function performance can be degraded when operating on multiple data sources from different clusters.
Syntax
count_distinctif
(
expr,
predicate)
Learn more about syntax conventions.
Parameters
Name | Type | Required | Description |
---|---|---|---|
expr | scalar | ✔️ | The expression whose unique values are to be counted. |
predicate | string |
✔️ | The expression used to filter records to be aggregated. |
Returns
Integer value indicating the number of unique values of expr per summary group, for all records for which the predicate evaluates to true
.
Example
This example shows how many types of death-causing storm events happened in each state. Only storm events with a nonzero count of deaths will be counted.
Note
Function performance can be degraded when operating on multiple data sources from different clusters.
StormEvents
| summarize UniqueFatalEvents=count_distinctif(EventType,(DeathsDirect + DeathsIndirect)>0) by State
| where UniqueFatalEvents > 0
| top 5 by UniqueFatalEvents
Output
State | UniqueFatalEvents |
---|---|
TEXAS | 12 |
CALIFORNIA | 12 |
OKLAHOMA | 10 |
NEW YORK | 9 |
KANSAS | 9 |