axiomhq
diff --git a/‎apl/aggregation-function/rate.mdx
Lines changed: 57 additions & 39 deletions b/‎apl/aggregation-function/rate.mdx
Lines changed: 57 additions & 39 deletions
diff --git a/‎apl/tabular-operators/project-reorder-operator.mdx
Lines changed: 63 additions & 0 deletions b/‎apl/tabular-operators/project-reorder-operator.mdx
Lines changed: 63 additions & 0 deletions
diff --git a/‎mint.json
Lines changed: 1 addition & 0 deletions b/‎mint.json
Lines changed: 1 addition & 0 deletions
@@ -17,13 +17,13 @@ If you come from other query languages, this section explains how to adjust your
 In Splunk SPL, the equivalent of the `rate` function can be achieved using the `timechart` command with a `per_second` option or by calculating the difference between successive values over time. In APL, the `rate` function simplifies this process by directly calculating the rate over a specified time interval.
 
 <CodeGroup>
-```splunk
-| timechart per_second count by status
+```splunk Splunk example
+| timechart per_second count by resp_body_size_bytes
 ```
 
-```kusto
+```kusto APL equivalent
 ['sample-http-logs']
-| summarize rate=count() by status, bin(_time, 1s)
+| summarize rate(resp_body_size_bytes) by bin(_time, 1s)
 ```
 </CodeGroup>
 
@@ -33,15 +33,14 @@ In Splunk SPL, the equivalent of the `rate` function can be achieved using the `
 In ANSI SQL, calculating rates typically involves using window functions like `LAG` or `LEAD` to calculate the difference between successive rows in a time series. In APL, the `rate` function abstracts this complexity by allowing you to directly compute the rate over time without needing window functions.
 
 <CodeGroup>
-```sql
-SELECT status, COUNT(*) / TIMESTAMPDIFF(SECOND, MIN(_time), MAX(_time)) AS rate
-FROM http_logs
-GROUP BY status;
+```sql SQL example
+SELECT resp_body_size_bytes, COUNT(*) / TIMESTAMPDIFF(SECOND, MIN(_time), MAX(_time)) AS rate
+FROM http_logs;
 ```
 
-```kusto
+```kusto APL equivalent
 ['sample-http-logs']
-| summarize rate=count() by status, bin(_time, 1s)
+| summarize rate(resp_body_size_bytes) by bin(_time, 1s)
 ```
 </CodeGroup>
 
@@ -53,88 +52,107 @@ GROUP BY status;
 ### Syntax
 
 ```kusto
-rate(field, timeInterval)
+rate(field)
 ```
 
 ### Parameters
 
-- `field`: The numeric field that you want to calculate the rate for.
-- `timeInterval`: The time interval (e.g., 1s, 1m, 1h) over which to calculate the rate.
+- `field`: The numeric field for which you want to calculate the rate.
 
 ### Returns
 
-Returns the rate of change or occurrence of the specified `field` over the specified `timeInterval`.
+Returns the rate of change or occurrence of the specified `field` over the time interval specified in the query.
+
+Specify the time interval in the query in the following way:
+
+- `| summarize rate(field)` calculates the rate value of the field over the entire query window.
+- `| summarize rate(field) by bin(_time, 1h)` calculates the rate value of the field over a one-hour time window.
+- `| summarize rate(field) by bin_auto(_time)` calculates the rate value of the field bucketed by an automatic time window computed by `bin_auto()`.
+
+<Tip>
+
+Use two `summarize` statements to visualize the average rate over one minute per hour. For example:
+
+```kusto
+['sample-http-logs']
+| summarize respBodyRate = rate(resp_body_size_bytes) by bin(_time, 1m)
+| summarize avg(respBodyRate) by bin(_time, 1h)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20respBodyRate%20%3D%20rate(resp_body_size_bytes)%20by%20bin(_time%2C%201m)%20%7C%20summarize%20avg(respBodyRate)%20by%20bin(_time%2C%201h)%22%2C%20%22queryOptions%22%3A%7B%22quickRange%22%3A%226h%22%7D%7D)
+
+</Tip>
 
 ## Use case examples
 
 <Tabs>
 <Tab title="Log analysis">
 
-In this example, the `rate` aggregation calculates the rate of HTTP requests per second grouped by status.
+In this example, the `rate` aggregation calculates the rate of HTTP response sizes per second.
 
 **Query**
 
 ```kusto
 ['sample-http-logs']
-| summarize rate=count() by status, bin(_time, 1s)
+| summarize rate(resp_body_size_bytes) by bin(_time, 1s)
 ```
 
-[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%22%5B%27sample-http-logs%27%5D%20%7C%20summarize%20rate%3Dcount%28%29%20by%20status%2C%20bin%28_time%2C%201s%29%22%7D)
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20rate(resp_body_size_bytes)%20by%20bin(_time%2C%201s)%22%7D)
 
 **Output**
 
-| status | rate  | _time              |
-|--------|-------|--------------------|
-| 200    | 15    | 2024-01-01 12:00:00|
-| 404    | 3     | 2024-01-01 12:00:00|
+| rate  | _time              |
+|-------|--------------------|
+| 854 kB    | 2024-01-01 12:00:00|
+| 635 kB    | 2024-01-01 12:00:01|
 
-This query counts the number of requests per status code and calculates the rate of requests per second.
+This query calculates the rate of HTTP response sizes per second.
 
 </Tab>
 <Tab title="OpenTelemetry traces">
 
-This example calculates the rate of traces received per second for different services.
+This example calculates the rate of span duration per second.
 
 **Query**
 
 ```kusto
 ['otel-demo-traces']
-| summarize rate=count() by ['service.name'], bin(_time, 1s)
+| summarize rate(toint(duration)) by bin(_time, 1s)
 ```
 
-[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%22%5B%27otel-demo-traces%27%5D%20%7C%20summarize%20rate%3Dcount%28%29%20by%20%5B%27service.name%27%5D%2C%20bin%28_time%2C%201s%29%22%7D)
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%22%5B'otel-demo-traces'%5D%20%7C%20summarize%20rate(toint(duration))%20by%20bin(_time%2C%201s)%22%7D)
 
 **Output**
 
-| service.name         | rate  | _time              |
-|----------------------|-------|--------------------|
-| frontend             | 10    | 2024-01-01 12:00:00|
-| checkoutservice      | 5     | 2024-01-01 12:00:00|
+| rate  | _time              |
+|-------|--------------------|
+| 26,393,768    | 2024-01-01 12:00:00|
+| 19,303,456     | 2024-01-01 12:00:01|
 
-This query calculates the rate of traces per second for each service.
+This query calculates the rate of span duration per second.
 
 </Tab>
 <Tab title="Security logs">
 
-In this example, the `rate` aggregation calculates the rate of security events by HTTP status.
+In this example, the `rate` aggregation calculates the rate of HTTP request duration per second which can be useful to detect an increate in malicious requests.
 
 **Query**
 
 ```kusto
 ['sample-http-logs']
-| summarize rate=count() by status, bin(_time, 1s)
+| summarize rate(req_duration_ms) by bin(_time, 1s)
 ```
 
-[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%22%5B%27sample-http-logs%27%5D%20%7C%20summarize%20rate%3Dcount%28%29%20by%20status%2C%20bin%28_time%2C%201s%29%22%7D)
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20rate(req_duration_ms)%20by%20bin(_time%2C%201s)%22%7D)
 
 **Output**
 
-| status | rate  | _time              |
-|--------|-------|--------------------|
-| 401    | 8     | 2024-01-01 12:00:00|
-| 403    | 2     | 2024-01-01 12:00:00|
+| rate  | _time              |
+|-------|--------------------|
+| 240.668 ms     | 2024-01-01 12:00:00|
+| 264.17 ms      | 2024-01-01 12:00:01|
 
-This query calculates the rate of different security-related status codes over time.
+This query calculates the rate of HTTP request duration per second.
 
 </Tab>
 </Tabs>
@@ -145,4 +163,4 @@ This query calculates the rate of different security-related status codes over t
 - [**sum**](/apl/aggregation-function/sum): Returns the sum of values in a field. Use `sum` when you want to aggregate the total value, not its rate of change.
 - [**avg**](/apl/aggregation-function/avg): Returns the average value of a field. Use `avg` when you want to know the mean value rather than how it changes over time.
 - [**max**](/apl/aggregation-function/max): Returns the maximum value of a field. Use `max` when you need to find the peak value instead of how often or quickly something occurs.
-- [**min**](/apl/aggregation-function/min): Returns the minimum value of a field. Use `min` when you're looking for the lowest value rather than a rate.
+- [**min**](/apl/aggregation-function/min): Returns the minimum value of a field. Use `min` when you’re looking for the lowest value rather than a rate.
@@ -0,0 +1,63 @@
+---
+title: 'project-reorder'
+description: 'This page explains how to reorder specified fields in the output.'
+tags: 
+    ['axiom documentation', 'documentation', 'axiom', 'tabular operators', 'project-reorder']
+---
+
+Reorders specified fields in the output while keeping the original order of unspecified fields.
+
+## Syntax
+
+```kusto
+| project-reorder FieldName1OrWildcard[*] [asc|desc|granny-asc|granny-desc], FieldName2OrWildcard[*], FieldName3OrWildcard  [direction], ...
+```
+
+## Arguments
+
+| **name**              | **type**     | **description**                                      |
+| --------------------- | ------------ | ------------------------------------------------------ |
+| Field Name            | **string**     | The name of the field to be reordered in the output. |
+| [direction]           | **string** |  Optional. Specifies the sort order for the reordered fields. Can be one of: `asc`, `desc`, `granny-asc`, or `granny-desc`. `asc` or `desc` orders fields by field name in ascending or descending manner, respectively. `granny-asc` or `granny-desc` orders by ascending or descending, respectively, while secondarily sorting by the next numeric value. For example, `b50` comes before `b9` when granny-asc is specified.|
+
+## Returns
+
+A table with the specified fields reordered as requested, followed by any unspecified fields in their original order. `project-reorder` doesn‘t rename or remove fields from the dataset, therefore, all fields that existed in the dataset, appear in the result table.
+
+## Examples
+
+Reorder all fields in ascending order:
+
+```kusto
+['sample-http-logs'] 
+| project-reorder * asc
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%20%22%5B%27sample-http-logs%27%5D%5Cn%7C%20project-reorder%20%2A%20asc%22%7D)
+
+Reorder specific fields to the beginning:
+
+```kusto
+['sample-http-logs'] 
+| project-reorder method, status, uri
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%20%22%5B%27sample-http-logs%27%5D%5Cn%7C%20project-reorder%20method%2C%20status%2C%20uri%22%7D)
+
+Reorder fields using wildcards and sort in descending order:
+
+```kusto
+['github-push-event'] 
+| project-reorder repo*, num_commits, push_id, ref, size, ['id'], size_large desc 
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%20%22%5B%27github-push-event%27%5D%5Cn%7C%20project-reorder%20repo%2A%2C%20num_commits%2C%20push_id%2C%20ref%2C%20size%2C%20%5B%27id%27%5D%2C%20size_large%20desc%22%7D)
+
+Reorder specific fields and keep others in original order:
+
+```kusto
+['otel-demo-traces']
+| project-reorder trace_id, *, span_id // orders the trace_id then everything else, then span_id fields 
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/explorer?initForm=%7B%22apl%22%3A%20%22%5B%27otel-demo-traces%27%5D%5Cn%7C%20project-reorder%20trace_id%2C%20%2A%2C%20span_id%22%7D)
@@ -353,6 +353,7 @@
             "apl/tabular-operators/project-operator",
             "apl/tabular-operators/project-away-operator",
             "apl/tabular-operators/project-keep-operator",
+            "apl/tabular-operators/project-reorder-operator",
             "apl/tabular-operators/sample-operator",
             "apl/tabular-operators/search-operator",
             "apl/tabular-operators/sort-operator",