Skip to main content
Use the bin_auto function to round datetime values down to fixed-size bins where the bin size is automatically determined by the query’s time range. This function simplifies time-series analysis by automatically selecting an appropriate granularity based on the data being queried. The bin_auto function is designed for use with the summarize operator and works exclusively with the _time column. It automatically adjusts the bin size to provide meaningful aggregation intervals, making it ideal for dashboards and visualizations where the time range varies.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, automatic time bucketing is handled by the timechart command, which automatically selects span sizes. APL’s bin_auto provides similar automatic binning within the summarize operator.
| timechart count
ANSI SQL does not have a direct equivalent to automatic time binning. You typically need to calculate the bin size manually based on the query time range. APL’s bin_auto handles this automatically.
-- Manual calculation required based on time range
SELECT DATE_TRUNC('hour', timestamp) AS time_bucket, COUNT(*)
FROM logs
GROUP BY time_bucket

Usage

Syntax

bin_auto(expression)

Parameters

NameTypeDescription
expressiondatetimeA datetime expression to round. Typically the _time column.

Returns

The nearest multiple of the automatically determined bin size below the input expression. The bin size is calculated based on the query’s time range to provide an appropriate number of data points.

Use case examples

Create a time-series view of HTTP traffic with automatic time granularity.Query
['sample-http-logs']
| summarize request_count = count() by bin_auto(_time)
Run in PlaygroundOutput
request_count
4520
This query automatically groups HTTP requests into time buckets based on the query time range, making it easy to visualize traffic patterns without manually specifying bin sizes.
  • bin: Rounds values down to a specified bin size. Use bin when you need explicit control over the interval size.
  • floor: Rounds down to the largest integer less than or equal to the input. Use bin_auto for datetime-specific binning with automatic sizing.
  • summarize: The bin_auto function is designed for use within the summarize operator for time-based aggregations.