# Group By {% hint style="info" %} See the changelog of this Action type [here](/actions/group-by.md). {% endhint %} ## Overview The **Group By** Action summarizes data by performing aggregations using keys and temporal keys (min, hour, or day).

In order to configure this Action, you must first link it to a Listener. Go to [Building a Pipeline ](/the-workspace/pipelines/building-a-pipeline.md)to learn how to link. {% hint style="warning" %} Note that **Group By** operations run independently and in parallel on each worker. This means their results are based only on the events handled by that specific worker, and thus **Group By** operations do not reflect global results by default. {% endhint %} {% hint style="info" %} **AI Action Assistant** This Action has an AI-powered chat feature that can help you configure its parameters. Read more about it in [this article](/the-workspace/pipelines/building-a-pipeline/ai-assistant/ai-action-assistant.md). {% endhint %} ## Ports These are the input and output ports of this Action:

Input ports

* **Default port** - All the events to be processed by this Action enter through this port.

Output ports

* **Default port** - Events are sent through this port if no error occurs while processing them. * **Error port** - Events are sent through this port if an error occurs while processing them.

## Configuration {% stepper %} {% step %} Find **Group By** in the **Actions** tab (under the **Aggregation** group) and drag it onto the canvas. Link it to the required [Listener](https://docs.onum.com/the-workspace/listeners) and [Data sink](https://docs.onum.com/the-workspace/pipelines/data-sinks). {% endstep %} {% step %} To open the configuration, click the Action in the canvas and select **Configuration**. {% endstep %} {% step %} Enter the required parameters: **Grouping configuration**

Parameter	Description
Fields to group*	Lists the fields from the linked Listener or Action for you to choose from. Choose one or more fields to group by.
Grouping time*	Having defined which fields to group by, choose or create a Grouping time. You can write the amount and unit (seconds, minutes, hours, days), or select a common amount.

**Aggregations**

Parameter Description

Parameter	Description
Aggregations*	Now you can add aggregation(s) to your grouping using the following operations: `average` - calculates the average of the values of each grouping. `collect` - collects all the values from rows in each group into a single collection (like an array or list). `collectNotNull` - collects all the values from rows in each group into a single collection (like an array or list), excluding null values. `collectDistinct` - collects all unique (non-duplicate) values of an expression within each group into a single collection (like an array or list) `collectDistinctNotNull` - collects all unique (non-duplicate) values of an expression within each group into a single collection (like an array or list), excluding null values. `count` - calculates the total occurrences for each grouping. `countNotNull` - calculates the total occurrences for each grouping, excluding null values. `first` - finds the first value found for each grouping. The first value will be the first in the workers' queue. `firstNotNull` - finds the first not null value found for each grouping. The first value will be the first in the workers' queue. `last` - finds the last value found for each grouping. The last value will be the last in the workers' queue. `lastNotNull` - finds the last not null value found for each grouping. The last value will be the last in the workers' queue. `max` - finds the highest value found. `min` - finds the lowest value found. `sum` - calculates the total of the values for each grouping. To add another aggregation, use the Add item option. You can also use the arrow keys on your keyboard to navigate up and down the list.
Conditions	You can also carry out an advanced configuration by Grouping By Conditionals. Use the Add Condition option to add conditions to your Aggregation.

Aggregations*

Now you can add aggregation(s) to your grouping using the following operations:

average - calculates the average of the values of each grouping.
collect - collects all the values from rows in each group into a single collection (like an array or list).
collectNotNull - collects all the values from rows in each group into a single collection (like an array or list), excluding null values.
collectDistinct - collects all unique (non-duplicate) values of an expression within each group into a single collection (like an array or list)
collectDistinctNotNull - collects all unique (non-duplicate) values of an expression within each group into a single collection (like an array or list), excluding null values.
count - calculates the total occurrences for each grouping.
countNotNull - calculates the total occurrences for each grouping, excluding null values.
first - finds the first value found for each grouping. The first value will be the first in the workers' queue.
firstNotNull - finds the first not null value found for each grouping. The first value will be the first in the workers' queue.
last - finds the last value found for each grouping. The last value will be the last in the workers' queue.
lastNotNull - finds the last not null value found for each grouping. The last value will be the last in the workers' queue.
max - finds the highest value found.
min - finds the lowest value found.
sum - calculates the total of the values for each grouping.

To add another aggregation, use the Add item option.

You can also use the arrow keys on your keyboard to navigate up and down the list.

Conditions

You can also carry out an advanced configuration by Grouping By Conditionals.

Use the Add Condition option to add conditions to your Aggregation.

{% endstep %} {% step %} Click **Save** to complete. {% endstep %} {% endstepper %} ## Example In this example, we will use the **Group By** action to summarize a large amount of data, grouping by IP address every 5 minutes and aggregate the number of requests by type per IP address. {% stepper %} {% step %} ### Raw data Consider events with the following fields: * `IP_Address` * `Request_Type` * `Timestamp` ```json [ {"IP_Address": "192.168.1.1", "Request_Type": "GET", "Timestamp": "2025-01-09T08:00:00Z"}, {"IP_Address": "192.168.1.2", "Request_Type": "POST", "Timestamp": "2025-01-09T08:05:00Z"}, {"IP_Address": "192.168.1.1", "Request_Type": "POST", "Timestamp": "2025-01-09T08:10:00Z"}, {"IP_Address": "192.168.1.3", "Request_Type": "GET", "Timestamp": "2025-01-09T08:15:00Z"}, {"IP_Address": "192.168.1.2", "Request_Type": "GET", "Timestamp": "2025-01-09T08:20:00Z"}, {"IP_Address": "192.168.1.1", "Request_Type": "GET", "Timestamp": "2025-01-09T08:25:00Z"}, {"IP_Address": "192.168.1.3", "Request_Type": "POST", "Timestamp": "2025-01-09T08:30:00Z"} ] ``` {% endstep %} {% step %} ### Group by We add the **Group By** Action to the canvas and link it to the incoming data. **Group** the logs by `IP_Address`over a period of five minutes by selecting the field containing them in **Fields to group** and *five minutes* as the **grouping time.**

{% endstep %} {% step %} ### Aggregate **Aggregate** the number of requests per IP address, broken down by request type (e.g., `GET` vs `POST`). * **Operation**: `count` * **Field**: `Request_Type` * **Output field:** `count`

{% endstep %} {% step %} ### Output The **Group By** Action will emit the following results via the default *output* port: ```json { "aggregated_requests": [ { "IP_Address": "192.168.1.1", "GET_Count": 2, "POST_Count": 1, "Total_Requests": 3 }, { "IP_Address": "192.168.1.2", "GET_Count": 1, "POST_Count": 1, "Total_Requests": 2 }, { "IP_Address": "192.168.1.3", "GET_Count": 1, "POST_Count": 1, "Total_Requests": 2 } ] } ``` You now have one event per grouping and aggregation match. {% endstep %} {% endstepper %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.onum.com/the-workspace/pipelines/actions/aggregation/group-by.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.