distinct
Description
The distinct command returns one document per unique value (or combination
of values) for the given expressions. It is particularly useful for reporting
or identifying unique entities within a dataset.
Functionally, it behaves like a lightweight groupby without any aggregation
functions—simply collapsing duplicates and returning the first occurrence of
each distinct value.
Use distinct when you want a list of unique keys, not an aggregate
summary.
Syntax
distinct <expression> [as <alias>] [, <expression_2> [as <alias_2>], ...]
Example
Use case: Generate a list of unique active users
Suppose your logs contain multiple entries per user as they interact with your
system. You can use distinct to produce a clean list of unique usernames for
reporting or activity tracking.
Example data
{ "username": "Chris", "action": "login" },
{ "username": "Chris", "action": "upload" },
{ "username": "Dave", "action": "login" },
{ "username": "Maria", "action": "logout" },
{ "username": "Maria", "action": "login" }
Example query
source logs
| filter username != null
| distinct username as active_users
Example output
| active_users |
|---|
| Chris |
| Dave |
| Maria |
The distinct command collapses repeated usernames into a single record for
each, creating a clear list of active users.