serial
Serializes input records tuple by tuple and executes a subquery, then reassembles the results into a single transmission unit and passes them to the next command. Use this command to run subqueries where record order matters.
Command properties
| Property | Description |
|---|---|
| Command type | Transforming |
| Required permission | None |
| License usage | N/A |
| Parallel execution | Supported |
| Distributed execution | Not supported |
Syntax
Target
[ SUBQUERY ]- The subquery to execute for each input record. Enclose the subquery in brackets (
[,]). Only commands that support stream processing can be used in the subquery.
Error codes
Parsing errors
| Error code | Message | Description |
|---|---|---|
| 90204 | Unmatched '['. | The brackets are not properly matched. |
| 90206 | No subquery. | No brackets are present or the subquery is empty. |
| 22501 | The subquery of the serial command contains a command ([cmd]) that cannot be used. | The subquery contains a command that does not support stream processing. |
Runtime errors
N/A
Description
The serial command is used to execute subqueries that require guaranteed record order in a parallel processing environment. In general, the query pipeline transmits records in batches for performance, but commands like prev that depend on record order may not behave as intended when processed in batches.
The serial command serializes each input record as a tuple and passes it to the subquery one at a time, then reassembles the subquery results into a single transmission unit before passing them to the next command. This ensures that records inside the subquery are processed one by one in order.
Only commands that support stream processing can be used in the subquery. Commands that collect all input before processing, such as sort and stats, cannot be used in the subquery.
Examples
-
Calculate the difference from the previous record with order guaranteed
json "[{'seq': 1, 'value': 100}, {'seq': 2, 'value': 250}, {'seq': 3, 'value': 400}]" | serial [ prev value | eval diff = if(isnull(prev_value), 0, value - prev_value) ]The
serialcommand serializes records one by one and passes them to theprevcommand, so the previous record's value can be referenced accurately. -
Process order-dependent field transformations
table duration=1h web_logs | serial [ prev bytes | eval bytes_diff = bytes - prev_bytes ]Serializes records retrieved from the table and calculates the difference from the previous record's
bytesvalue. -
Combine multiple stream-processing commands in a subquery
json "[{'msg': 'user=alice action=login'}, {'msg': 'user=bob action=logout'}]" | serial [ parsekv msg | eval summary = concat(user, ": ", action) ]Runs
parsekvandevalsequentially for each record.