diff --git a/apl/apl-features.mdx b/apl/apl-features.mdx
index 3e33843b..a892de7e 100644
--- a/apl/apl-features.mdx
+++ b/apl/apl-features.mdx
@@ -218,6 +218,7 @@ keywords: ['axiom documentation', 'documentation', 'axiom', 'APL', 'axiom proces
| String function | [strcat_delim](/apl/scalar-functions/string-functions#strcat-delim) | Concatenates 2–64 arguments with a delimiter. |
| String function | [strcat](/apl/scalar-functions/string-functions#strcat) | Concatenates 1–64 arguments. |
| String function | [strcmp](/apl/scalar-functions/string-functions#strcmp) | Compares two strings. |
+| String function | [string-size](/apl/scalar-functions/string-functions/string-size) | Returns the length, in characters, of the input string. |
| String function | [strlen](/apl/scalar-functions/string-functions#strlen) | Returns the length of a string. |
| String function | [strrep](/apl/scalar-functions/string-functions#strrep) | Repeats a string a given number of times. |
| String function | [substring](/apl/scalar-functions/string-functions#substring) | Extracts a substring. |
@@ -298,11 +299,15 @@ keywords: ['axiom documentation', 'documentation', 'axiom', 'APL', 'axiom proces
| Time series function | [series_acos](/apl/scalar-functions/time-series/series-acos) | Returns the inverse cosine (arccos) of a series. |
| Time series function | [series_asin](/apl/scalar-functions/time-series/series-asin) | Returns the inverse sine (arcsin) of a series. |
| Time series function | [series_atan](/apl/scalar-functions/time-series/series-atan) | Returns the inverse tangent (arctan) of a series. |
+| Time series function | [series_cos](/apl/scalar-functions/time-series/series-cos) | Returns the cosine of a series. |
| Time series function | [series_greater](/apl/scalar-functions/time-series/series-greater) | Returns the elements of a series that are greater than a specified value. |
| Time series function | [series_greater_equals](/apl/scalar-functions/time-series/series-greater-equals) | Returns the elements of a series that are greater than or equal to a specified value. |
| Time series function | [series_less](/apl/scalar-functions/time-series/series-less) | Returns the elements of a series that are less than a specified value. |
| Time series function | [series_less_equals](/apl/scalar-functions/time-series/series-less-equals) | Returns the elements of a series that are less than or equal to a specified value. |
| Time series function | [series_not_equals](/apl/scalar-functions/time-series/series-not-equals) | Returns the elements of a series that aren’t equal to a specified value. |
+| Time series function | [series_sin](/apl/scalar-functions/time-series/series-sin) | Returns the sine of a series. |
+| Time series function | [series_sum](/apl/scalar-functions/time-series/series-sum) | Returns the sum of a series. |
+| Time series function | [series_tan](/apl/scalar-functions/time-series/series-tan) | Returns the tangent of a series. |
| Type function | [iscc](/apl/scalar-functions/type-functions/iscc) | Checks whether a value is a valid credit card (CC) number. |
| Type function | [isimei](/apl/scalar-functions/type-functions/isimei) | Checks whether a value is a valid International Mobile Equipment Identity (IMEI) number. |
| Type function | [ismap](/apl/scalar-functions/type-functions/ismap) | Checks whether a value is of the `dynamic` type and represents a mapping. |
diff --git a/apl/scalar-functions/string-functions.mdx b/apl/scalar-functions/string-functions.mdx
index 8ef7dc38..fb19ae73 100644
--- a/apl/scalar-functions/string-functions.mdx
+++ b/apl/scalar-functions/string-functions.mdx
@@ -41,6 +41,7 @@ The table summarizes the string functions available in APL.
| [strcat_delim](#strcat-delim) | Concatenates between 2 and 64 arguments, with delimiter, provided as first argument. |
| [strcat](#strcat) | Concatenates between 1 and 64 arguments. |
| [strcmp](#strcmp) | Compares two strings. |
+| [string-size](/apl/scalar-functions/string-functions/string-size) | Returns the length, in characters, of the input string. |
| [strlen](#strlen) | Returns the length, in characters, of the input string. |
| [strrep](#strrep) | Repeats given string provided number of times (default = 1). |
| [substring](#substring) | Extracts a substring from a source string. |
diff --git a/apl/scalar-functions/string-functions/string-size.mdx b/apl/scalar-functions/string-functions/string-size.mdx
new file mode 100644
index 00000000..c87ee34e
--- /dev/null
+++ b/apl/scalar-functions/string-functions/string-size.mdx
@@ -0,0 +1,148 @@
+---
+title: string_size
+description: 'This page explains how to use the string_size function in APL.'
+---
+
+The `string_size` function returns the number of bytes in a string. You use it when you want to measure the length of text fields such as user IDs, URLs, or status codes. This function is useful for detecting anomalies, filtering out unusually long values, or analyzing patterns in textual data.
+
+For example, you can use `string_size` to detect requests with excessively long URIs, identify outlier user IDs, or monitor payload lengths in traces.
+
+## For users of other query languages
+
+If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
+
+
+
+
+In Splunk SPL, you typically use the `len` function to calculate the number of characters in a string. In APL, you use `string_size` to calculate the number of bytes in a string.
+
+
+```sql Splunk example
+... | eval uri_length=len(uri)
+````
+
+```kusto APL equivalent
+['sample-http-logs']
+| extend uri_length = string_size(uri)
+```
+
+
+
+
+
+
+In ANSI SQL, you use the `LENGTH` or `CHAR_LENGTH` function to calculate string length. In APL, the equivalent is `string_size` to calculate the number of bytes in a string.
+
+
+```sql SQL example
+SELECT LENGTH(uri) AS uri_length
+FROM sample_http_logs;
+```
+
+```kusto APL equivalent
+['sample-http-logs']
+| extend uri_length = string_size(uri)
+```
+
+
+
+
+
+
+## Usage
+
+### Syntax
+
+```kusto
+string_size(source)
+```
+
+### Parameters
+
+| Parameter | Type | Description |
+| --------- | -------- | ---------------------------- |
+| `source` | `string` | The input string expression. |
+
+### Returns
+
+An integer representing the number of bytes in the string. If the string is empty, the function returns `0`.
+
+## Use case examples
+
+
+
+
+You can use `string_size` to detect unusually long URIs that might indicate an attempted exploit or malformed request.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| extend uri_length = string_size(uri)
+| where uri_length > 100
+| project _time, method, uri, uri_length, status
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20extend%20uri_length%20%3D%20string_size%28uri%29%20%7C%20where%20uri_length%20%3E%2010%20%7C%20project%20_time%2C%20method%2C%20uri%2C%20uri_length%2C%20status%22%7D)
+
+**Output**
+
+| _time | method | uri | uri_length | status |
+| -------------------- | ------ | --------------------------------- | ----------- | ------ |
+| 2025-09-11T10:01:45Z | GET | /search/products?q=... | 142 | 200 |
+| 2025-09-11T10:02:13Z | POST | /checkout/submit/order/details... | 187 | 400 |
+
+This query finds all HTTP requests with URIs longer than 10 characters and lists their details.
+
+
+
+
+You can measure the length of trace IDs or span IDs to ensure data consistency and identify malformed identifiers.
+
+**Query**
+
+```kusto
+['otel-demo-traces']
+| extend trace_length = string_size(trace_id)
+| summarize avg_length = avg(trace_length) by ['service.name']
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'otel-demo-traces'%5D%20%7C%20extend%20trace_length%20%3D%20string_size%28trace_id%29%20%7C%20summarize%20avg_length%20%3D%20avg%28trace_length%29%20by%20%5B'service.name'%5D%22%7D)
+
+**Output**
+
+| service.name | avg_length |
+| --------------- | ----------- |
+| frontend | 32 |
+| checkoutservice | 32 |
+| loadgenerator | 31.8 |
+
+This query calculates the average trace ID length per service to verify identifier consistency across the system.
+
+
+
+
+You can check for anomalous user IDs by looking at the length of the `id` field. Very short or very long IDs may signal invalid or suspicious activity.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| extend id_length = string_size(id)
+| where id_length < 5 or id_length > 20
+| project _time, id, id_length, status, ['geo.country']
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20extend%20id_length%20%3D%20string_size(id)%20%7C%20where%20id_length%20%3C%205%20or%20id_length%20%3E%2020%20%7C%20project%20_time%2C%20id%2C%20id_length%2C%20status%2C%20%5B'geo.country'%5D%22%7D)
+
+**Output**
+
+| _time | id | id_length | status | geo.country |
+| -------------------- | ----------------------------- | ---------- | ------ | ----------- |
+| 2025-09-11T09:55:01Z | a12 | 3 | 401 | US |
+| 2025-09-11T09:58:42Z | user_long_id_example_test | 24 | 200 | DE |
+
+This query detects requests with suspiciously short or long user IDs, which might indicate invalid credentials or malicious activity.
+
+
+
diff --git a/apl/scalar-functions/time-series/overview.mdx b/apl/scalar-functions/time-series/overview.mdx
index ef2c7920..060f7a67 100644
--- a/apl/scalar-functions/time-series/overview.mdx
+++ b/apl/scalar-functions/time-series/overview.mdx
@@ -12,8 +12,12 @@ The table summarizes the time series functions available in APL.
| [series_acos](/apl/scalar-functions/time-series/series-acos) | Returns the inverse cosine (arccos) of a series. |
| [series_asin](/apl/scalar-functions/time-series/series-asin) | Returns the inverse sine (arcsin) of a series. |
| [series_atan](/apl/scalar-functions/time-series/series-atan) | Returns the inverse tangent (arctan) of a series. |
+| [series_cos](/apl/scalar-functions/time-series/series-cos) | Returns the cosine of a series. |
| [series_greater](/apl/scalar-functions/time-series/series-greater) | Returns the elements of a series that are greater than a specified value. |
| [series_greater_equals](/apl/scalar-functions/time-series/series-greater-equals) | Returns the elements of a series that are greater than or equal to a specified value. |
| [series_less](/apl/scalar-functions/time-series/series-less) | Returns the elements of a series that are less than a specified value. |
| [series_less_equals](/apl/scalar-functions/time-series/series-less-equals) | Returns the elements of a series that are less than or equal to a specified value. |
| [series_not_equals](/apl/scalar-functions/time-series/series-not-equals) | Returns the elements of a series that aren’t equal to a specified value. |
+| [series_sin](/apl/scalar-functions/time-series/series-sin) | Returns the sine of a series. |
+| [series_sum](/apl/scalar-functions/time-series/series-sum) | Returns the sum of a series. |
+| [series_tan](/apl/scalar-functions/time-series/series-tan) | Returns the tangent of a series. |
diff --git a/apl/scalar-functions/time-series/series-cos.mdx b/apl/scalar-functions/time-series/series-cos.mdx
new file mode 100644
index 00000000..8d687112
--- /dev/null
+++ b/apl/scalar-functions/time-series/series-cos.mdx
@@ -0,0 +1,153 @@
+---
+title: series_cos
+description: 'This page explains how to use the series_cos function in APL.'
+---
+
+The `series_cos` function returns the cosine of each element in a numeric array. You can use it to apply trigonometric transformations across entire time series or vectorized data in one step. This function is useful when you want to analyze periodic patterns, normalize angles, or apply mathematical transformations to series data such as request durations, response times, or trace latencies.
+
+You often use `series_cos` together with other series functions like `series_sin` and `series_tan` to perform mathematical modeling, anomaly detection, or seasonality analysis in logs and telemetry data.
+
+## For users of other query languages
+
+If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
+
+
+
+
+In Splunk SPL, trigonometric functions like `cos` operate on single field values, not on arrays. To compute cosine across multiple values, you typically expand the values into events and then apply the `eval cos(field)` transformation. In APL, `series_cos` works natively on dynamic arrays, so you can directly transform an entire series in one call.
+
+
+```sql Splunk example
+... | eval cos_val=cos(angle)
+````
+
+```kusto APL equivalent
+print arr=dynamic([0, 1.57, 3.14])
+| extend cos_arr=series_cos(arr)
+```
+
+
+
+
+
+
+ANSI SQL does not provide direct support for array-wide trigonometric functions. The `COS()` function only works on single numeric values. To achieve array-like functionality, you usually need to unnest arrays and apply `COS()` row by row. In APL, `series_cos` eliminates this need by directly accepting an array and returning a transformed array.
+
+
+```sql SQL example
+SELECT COS(angle) AS cos_val
+FROM Angles;
+```
+
+```kusto APL equivalent
+print arr=dynamic([0, 1.57, 3.14])
+| extend cos_arr=series_cos(arr)
+```
+
+
+
+
+
+
+## Usage
+
+### Syntax
+
+```kusto
+series_cos(array)
+```
+
+### Parameters
+
+| Parameter | Type | Description |
+| --------- | -------------------------- | --------------------------- |
+| `array` | dynamic (array of numbers) | An array of numeric values. |
+
+### Returns
+
+A dynamic array where each element is the cosine of the corresponding input element.
+
+## Use case examples
+
+
+
+
+You want to model periodic patterns in request durations by applying the cosine function to the values. This is useful if you want to normalize cyclical metrics for further analysis.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| summarize durations=make_list(req_duration_ms) by id
+| extend cos_durations=series_cos(durations)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20durations%3Dmake_list(req_duration_ms)%20by%20id%20%7C%20extend%20cos_durations%3Dseries_cos(durations)%22%7D)
+
+**Output**
+
+| id | durations | cos_durations |
+| -- | ---------------- | ------------------------ |
+| u1 | [120, 300, 450] | [0.814, -0.990, -0.737] |
+| u2 | [50, 250, 400] | [0.965, -0.801, -0.966] |
+
+This query collects request durations per user ID and applies the cosine transformation to the entire array.
+
+
+
+
+You want to apply trigonometric transformations to span durations to explore cyclical behavior in distributed traces.
+
+**Query**
+
+```kusto
+['otel-demo-traces']
+| summarize spans=make_list(duration) by ['service.name']
+| extend cos_spans=series_cos(spans)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'otel-demo-traces'%5D%20%7C%20summarize%20spans%3Dmake_list(duration)%20by%20%5B'service.name'%5D%20%7C%20extend%20cos_spans%3Dseries_cos(spans)%22%7D)
+
+**Output**
+
+| service.name | spans | cos_spans |
+| --------------- | --------------------- | ----------------- |
+| frontend | [00:00:01, 00:00:03] | [0.540, -0.990] |
+| checkoutservice | [00:00:02, 00:00:04] | [-0.416, -0.653] |
+
+This query groups spans by service and computes the cosine for each span duration, which can be used in advanced mathematical modeling of latency patterns.
+
+
+
+
+You want to explore whether cosine transformations reveal patterns in request durations for suspicious traffic sources.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| summarize durations=make_list(req_duration_ms) by ['geo.country']
+| extend cos_blocked=series_cos(durations)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20durations%3Dmake_list(req_duration_ms)%20by%20%5B'geo.country'%5D%20%7C%20extend%20cos_blocked%3Dseries_cos(durations)%22%7D)
+
+**Output**
+
+| geo.country | blocked_durations | cos_blocked |
+| ----------- | ------------------ | ------------------------ |
+| US | [200, 400, 600] | [-0.416, -0.653, 0.960] |
+| DE | [100, 250, 500] | [0.540, -0.801, 0.284] |
+
+This query applies the cosine function to blocked request durations grouped by country, which can help highlight periodic access attempts from malicious sources.
+
+
+
+
+## List of related functions
+
+- [series_abs](/apl/scalar-functions/time-series/series-abs): Returns the absolute value of each element in an array. Use it to normalize negative values in arrays.
+- [series_acos](/apl/scalar-functions/time-series/series-acos): Computes the arccosine of each element in an array. Use when you want the inverse cosine.
+- [series_atan](/apl/scalar-functions/time-series/series-atan): Computes the arctangent of each element in an array. Use when you want the inverse tangent.
+- [series_sin](/apl/scalar-functions/time-series/series-sin): Returns the sine of each element in an array. Use it when analyzing cyclical data with a phase shift.
+- [series_tan](/apl/scalar-functions/time-series/series-tan): Returns the tangent of each element in an array. Use it when you want to transform arrays with tangent-based periodicity.
diff --git a/apl/scalar-functions/time-series/series-sin.mdx b/apl/scalar-functions/time-series/series-sin.mdx
new file mode 100644
index 00000000..42a238c8
--- /dev/null
+++ b/apl/scalar-functions/time-series/series-sin.mdx
@@ -0,0 +1,156 @@
+---
+title: series_sin
+description: 'This page explains how to use the series_sin function in APL.'
+---
+
+The `series_sin` function in APL returns the sine of each element in a numeric array. It applies the mathematical sine function element by element, producing a new array of the same length.
+
+You use `series_sin` when you want to transform numeric sequences into their trigonometric equivalents. This is useful for signal processing, data transformations, or preparing time series data for statistical and mathematical analysis.
+
+## For users of other query languages
+
+If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
+
+
+
+
+Splunk SPL doesn’t provide a direct equivalent to `series_sin` for arrays. Instead, you typically use the `eval` command with the `sin()` function to compute the sine of a single numeric value. In APL, `series_sin` applies `sin()` across an array in one step.
+
+
+```sql Splunk example
+... | eval sin_val=sin(duration)
+````
+
+```kusto APL equivalent
+datatable(arr: dynamic)
+[
+ dynamic([0, 1.57, 3.14])
+]
+| extend sin_values = series_sin(arr)
+```
+
+
+
+
+
+
+ANSI SQL provides the `SIN()` function, but it operates on single values rather than arrays. In APL, `series_sin` is vectorized and works directly on arrays without requiring iteration.
+
+
+```sql SQL example
+SELECT SIN(duration) AS sin_val
+FROM traces;
+```
+
+```kusto APL equivalent
+datatable(arr: dynamic)
+[
+ dynamic([0, 1.57, 3.14])
+]
+| extend sin_values = series_sin(arr)
+```
+
+
+
+
+
+
+## Usage
+
+### Syntax
+
+```kusto
+series_sin(arr)
+```
+
+### Parameters
+
+| Parameter | Type | Description |
+| --------- | ------- | --------------------------- |
+| `arr` | dynamic | An array of numeric values. |
+
+### Returns
+
+A dynamic array where each element is the sine of the corresponding input element.
+
+## Use case examples
+
+
+
+
+You can use `series_sin` to transform request durations into trigonometric values for advanced analysis, such as periodicity detection.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| summarize arr = make_list(req_duration_ms, 10)
+| extend sin_arr = series_sin(arr)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20arr%20%3D%20make_list(req_duration_ms%2C%2010)%20%7C%20extend%20sin_arr%20%3D%20series_sin(arr)%22%7D)
+
+**Output**
+
+| arr | sin_arr |
+| --------------------- | ---------------------------- |
+| [120, 250, 500, 750] | [−0.58, −0.97, −0.52, 0.94] |
+
+This query collects a sample of request durations and applies `series_sin` to generate a transformed series for analysis.
+
+
+
+
+You can use `series_sin` to apply trigonometric transformation to span durations for modeling or feature extraction.
+
+**Query**
+
+```kusto
+['otel-demo-traces']
+| summarize arr = make_list(toint(duration), 10) by ['service.name']
+| extend sin_arr = series_sin(arr)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'otel-demo-traces'%5D%20%7C%20summarize%20arr%20%3D%20make_list(toint(duration)%2C%2010)%20by%20%5B'service.name'%5D%20%7C%20extend%20sin_arr%20%3D%20series_sin(arr)%22%7D)
+
+**Output**
+
+| service.name | arr | sin_arr |
+| ------------ | ---------------- | --------------------- |
+| frontend | [200, 400, 600] | [0.91, −0.73, −0.28] |
+
+This query groups spans by service, aggregates durations into arrays, and transforms them using `series_sin`.
+
+
+
+
+You can use `series_sin` to apply mathematical transformations to response times in security-related traffic to detect unusual patterns.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| summarize arr = make_list(req_duration_ms, 10) by ['geo.country']
+| extend sin_arr = series_sin(arr)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20arr%20%3D%20make_list(req_duration_ms%2C%2010)%20by%20%5B'geo.country'%5D%20%7C%20extend%20sin_arr%20%3D%20series_sin(arr)%22%7D)
+
+**Output**
+
+| geo.country | arr | sin_arr |
+| ----------- | ---------------- | ---------------------- |
+| US | [180, 360, 540] | [−0.80, −0.99, −0.84] |
+
+This query filters failed requests (`403`) by country, aggregates durations, and applies `series_sin` to identify periodic anomalies.
+
+
+
+
+## List of related functions
+
+- [series_abs](/apl/scalar-functions/time-series/series-abs): Returns the absolute value of each element in an array. Use it to normalize negative values in arrays.
+- [series_acos](/apl/scalar-functions/time-series/series-acos): Computes the arccosine of each element in an array. Use when you want the inverse cosine.
+- [series_atan](/apl/scalar-functions/time-series/series-atan): Computes the arctangent of each element in an array. Use when you want the inverse tangent.
+- [series_cos](/apl/scalar-functions/time-series/series-cos): Returns the cosine of each element in an array. Use it when analyzing cyclical data with a phase shift.
+- [series_tan](/apl/scalar-functions/time-series/series-tan): Returns the tangent of each element in an array. Use it when you want to transform arrays with tangent-based periodicity.
diff --git a/apl/scalar-functions/time-series/series-sum.mdx b/apl/scalar-functions/time-series/series-sum.mdx
new file mode 100644
index 00000000..f68ea240
--- /dev/null
+++ b/apl/scalar-functions/time-series/series-sum.mdx
@@ -0,0 +1,158 @@
+---
+title: series_sum
+description: 'This page explains how to use the series_sum function in APL.'
+---
+
+The `series_sum` function in APL calculates the total of all numeric elements in a dynamic array. You use it when you have a series of values and you want to condense them into a single aggregate number. For example, if you create arrays of request durations or span times, `series_sum` lets you quickly compute the total across each series.
+
+This function is useful in scenarios such as:
+
+- Aggregating request latencies across sessions or users.
+- Summing the duration of spans in distributed traces.
+- Calculating total counts or values across arrays in security log analysis.
+
+## For users of other query languages
+
+If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
+
+
+
+
+In Splunk SPL, you typically use the `eval` command with `mvsum` to sum values in a multivalue field. In APL, you use `series_sum` for the same purpose. Both functions collapse an array into a single scalar value.
+
+
+```sql Splunk example
+... | eval total_duration = mvsum(req_duration_ms)
+````
+
+```kusto APL equivalent
+['sample-http-logs']
+| extend total_duration = series_sum(pack_array(req_duration_ms))
+```
+
+
+
+
+
+
+In SQL, you normally use `SUM()` as an aggregate over rows. If you want to sum elements inside an array, you must use functions such as `UNNEST` first. In APL, `series_sum` directly operates on dynamic arrays, so you don’t need to flatten them.
+
+
+```sql SQL example
+SELECT user_id, SUM(val) AS total
+FROM my_table, UNNEST(values) AS val
+GROUP BY user_id
+```
+
+```kusto APL equivalent
+['sample-http-logs']
+| summarize total = series_sum(pack_array(req_duration_ms)) by id
+```
+
+
+
+
+
+
+## Usage
+
+### Syntax
+
+```kusto
+series_sum(array)
+```
+
+### Parameters
+
+| Parameter | Type | Description |
+| --------- | --------------- | ----------------------------------- |
+| `array` | dynamic (array) | The array of numeric values to sum. |
+
+### Returns
+
+A `real` value representing the sum of all numeric elements in the array. If the array is empty, the function returns `0`.
+
+## Use case examples
+
+
+
+
+When you want to calculate the total request duration per user across multiple requests.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| summarize durations = make_list(req_duration_ms) by id
+| extend total_duration = series_sum(durations)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20durations%20%3D%20make_list(req_duration_ms)%20by%20id%20%7C%20extend%20total_duration%20%3D%20series_sum(durations)%22%7D)
+
+**Output**
+
+| id | durations | total_duration |
+| ---- | --------------- | --------------- |
+| u123 | [120, 300, 50] | 470 |
+| u456 | [200, 150] | 350 |
+
+This query collects request durations for each user, creates an array, and then sums the array to compute the total request time per user.
+
+
+
+
+When you want to compute the total span duration per service within a trace.
+
+**Query**
+
+```kusto
+['otel-demo-traces']
+| summarize durations = make_list(duration) by ['service.name'], trace_id
+| extend total_span_duration = series_sum(durations)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'otel-demo-traces'%5D%20%7C%20summarize%20durations%20%3D%20make_list(duration)%20by%20%5B'service.name'%5D%2C%20trace_id%20%7C%20extend%20total_span_duration%20%3D%20series_sum(durations)%22%7D)
+
+**Output**
+
+| service.name | trace_id | durations | total_span_duration |
+| --------------- | --------- | ----------------------------- | --------------------- |
+| frontend | t123 | [00:00:01.2000000, 00:00:02] | 00:00:03.2000000 |
+| checkoutservice | t456 | [00:00:00.5000000] | 00:00:00.5000000 |
+
+This query groups spans by service and trace, collects the span durations, and computes the total execution time of spans.
+
+
+
+
+When you want to evaluate the total request duration for each HTTP status code.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| summarize durations = make_list(req_duration_ms) by status
+| extend total_duration = series_sum(durations)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20durations%20%3D%20make_list(req_duration_ms)%20by%20status%20%7C%20extend%20total_duration%20%3D%20series_sum(durations)%22%7D)
+
+**Output**
+
+| status | durations | total_duration |
+| ------ | --------------- | --------------- |
+| 200 | [100, 300, 50] | 450 |
+| 500 | [250, 400] | 650 |
+
+This query aggregates request durations for each HTTP status code, then sums them to provide insight into the total duration of successful vs. failed requests.
+
+
+
+
+## List of related functions
+
+- [series_abs](/apl/scalar-functions/time-series/series-abs): Returns the absolute value of each element in an array. Use it to normalize negative values in arrays.
+- [series_acos](/apl/scalar-functions/time-series/series-acos): Computes the arccosine of each element in an array. Use when you want the inverse cosine.
+- [series_atan](/apl/scalar-functions/time-series/series-atan): Computes the arctangent of each element in an array. Use when you want the inverse tangent.
+- [series_cos](/apl/scalar-functions/time-series/series-cos): Returns the cosine of each element in an array. Use it when analyzing cyclical data with a phase shift.
+- [series_tan](/apl/scalar-functions/time-series/series-tan): Returns the tangent of each element in an array. Use it when you want to transform arrays with tangent-based periodicity.
diff --git a/apl/scalar-functions/time-series/series-tan.mdx b/apl/scalar-functions/time-series/series-tan.mdx
new file mode 100644
index 00000000..1928861b
--- /dev/null
+++ b/apl/scalar-functions/time-series/series-tan.mdx
@@ -0,0 +1,160 @@
+---
+title: series_tan
+description: 'This page explains how to use the series_tan function in APL.'
+---
+
+The `series_tan` function computes the tangent of each numeric element in a dynamic array. You use it when you work with time series or other array-based datasets and want to transform values using the trigonometric tangent. For example, you can convert request durations, latency values, or span durations into their tangent values for mathematical modeling, anomaly detection, or visualization.
+
+This function is useful when you want to:
+
+- Apply trigonometric transformations to time series data.
+- Prepare data for advanced mathematical or statistical analysis.
+- Detect periodic or angular patterns in logs, traces, or security events.
+
+## For users of other query languages
+
+If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
+
+
+
+
+Splunk SPL doesn’t include a direct `tan` function for arrays. In SPL, you often use `eval` with `tan()` on scalar values. In APL, `series_tan` applies the tangent function element-wise to an entire array, which makes it better suited for time series or dynamic arrays.
+
+
+```sql Splunk example
+... | eval tan_val=tan(duration)
+````
+
+```kusto APL equivalent
+['sample-http-logs']
+| extend series = pack_array(req_duration_ms, req_duration_ms*2, req_duration_ms*3)
+| extend tan_series = series_tan(series)
+```
+
+
+
+
+
+
+In ANSI SQL, you use the `TAN()` function on scalar values, but there is no native array type or array-wide trigonometric function. In APL, `series_tan` applies `tan` to each array element, which makes it easy to work with time series data.
+
+
+```sql SQL example
+SELECT TAN(duration) AS tan_val
+FROM otel_demo_traces;
+```
+
+```kusto APL equivalent
+['otel-demo-traces']
+| extend series = pack_array(duration, duration*2, duration*3)
+| extend tan_series = series_tan(series)
+```
+
+
+
+
+
+
+## Usage
+
+### Syntax
+
+```kusto
+series_tan(array)
+```
+
+### Parameters
+
+| Parameter | Type | Description |
+| --------- | --------------------------------- | ------------------------------------------------------------- |
+| `array` | dynamic (array of numeric values) | The array of numeric values to apply the tangent function to. |
+
+### Returns
+
+A dynamic array where each element is the tangent of the corresponding input element.
+
+## Use case examples
+
+
+
+
+You want to analyze request durations and apply a trigonometric transformation to highlight periodic anomalies.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| summarize durations = make_list(req_duration_ms) by id
+| extend tan_series = series_tan(durations)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20summarize%20durations%20%3D%20make_list(req_duration_ms)%20by%20id%20%7C%20extend%20tan_series%20%3D%20series_tan(durations)%22%7D)
+
+**Output**
+
+| id | durations | tan_series |
+| ---- | ---------------- | --------------------- |
+| A123 | [100, 200, 300] | [1.56, -2.19, -0.14] |
+| B456 | [150, 250, 350] | [14.10, -0.75, 0.51] |
+
+This query groups request durations by user ID, transforms them into arrays, and applies the tangent function element-wise.
+
+
+
+
+You want to transform span durations for mathematical modeling of system behavior.
+
+**Query**
+
+```kusto
+['otel-demo-traces']
+| summarize spans = make_list(duration) by ['service.name']
+| extend tan_series = series_tan(spans)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'otel-demo-traces'%5D%20%7C%20summarize%20spans%20%3D%20make_list(duration)%20by%20%5B'service.name'%5D%20%7C%20extend%20tan_series%20%3D%20series_tan(spans)%22%7D)
+
+**Output**
+
+| service.name | spans | tan_series |
+| ------------ | --------------------- | ------------------- |
+| frontend | [50ms, 100ms, 150ms] | [0.05, 0.10, 0.15] |
+| cartservice | [75ms, 125ms, 175ms] | [0.07, 0.13, 0.18] |
+
+This query collects span durations for each service, builds arrays, and applies tangent transformation for further modeling.
+
+
+
+
+You want to detect anomalies in request durations for failed HTTP requests by applying the tangent transformation.
+
+**Query**
+
+```kusto
+['sample-http-logs']
+| where status != '200'
+| summarize durations = make_list(req_duration_ms) by geo.country
+| extend tan_series = series_tan(durations)
+```
+
+[Run in Playground](https://play.axiom.co/axiom-play-qf1k/query?initForm=%7B%22apl%22%3A%22%5B'sample-http-logs'%5D%20%7C%20where%20status%20!%3D%20'200'%20%7C%20summarize%20durations%20%3D%20make_list(req_duration_ms)%20by%20%5B'geo.country'%5D%20%7C%20extend%20tan_series%20%3D%20series_tan(durations)%22%7D)
+
+**Output**
+
+| geo.country | durations | tan_series |
+| ----------- | ---------------- | -------------------- |
+| US | [120, 220, 320] | [2.57, -1.37, 0.73] |
+| UK | [140, 240, 340] | [9.96, -0.46, 0.28] |
+
+This query filters failed requests, groups their durations by country, and applies tangent transformation to detect anomalies.
+
+
+
+
+## List of related functions
+
+- [series_abs](/apl/scalar-functions/time-series/series-abs): Returns the absolute value of each element in an array. Use it to normalize negative values in arrays.
+- [series_acos](/apl/scalar-functions/time-series/series-acos): Computes the arccosine of each element in an array. Use when you want the inverse cosine.
+- [series_atan](/apl/scalar-functions/time-series/series-atan): Computes the arctangent of each element in an array. Use when you want the inverse tangent.
+- [series_cos](/apl/scalar-functions/time-series/series-cos): Returns the cosine of each element in an array. Use it when analyzing cyclical data with a phase shift.
+- [series_sin](/apl/scalar-functions/time-series/series-sin): Returns the sine of each element in an array. Use it when analyzing cyclical data with a phase shift.
diff --git a/docs.json b/docs.json
index b4def543..9a413fc6 100644
--- a/docs.json
+++ b/docs.json
@@ -364,10 +364,11 @@
"apl/scalar-functions/string-functions/parse-path",
"apl/scalar-functions/string-functions/quote",
"apl/scalar-functions/string-functions/regex-quote",
+ "apl/scalar-functions/string-functions/string-size",
"apl/scalar-functions/string-functions/translate",
+ "apl/scalar-functions/string-functions/trim-space",
"apl/scalar-functions/string-functions/unicode-codepoints-from-string",
- "apl/scalar-functions/string-functions/unicode-codepoints-to-string",
- "apl/scalar-functions/string-functions/trim-space"
+ "apl/scalar-functions/string-functions/unicode-codepoints-to-string"
]
},
"apl/scalar-functions/sql-functions",
@@ -379,11 +380,15 @@
"apl/scalar-functions/time-series/series-acos",
"apl/scalar-functions/time-series/series-asin",
"apl/scalar-functions/time-series/series-atan",
+ "apl/scalar-functions/time-series/series-cos",
"apl/scalar-functions/time-series/series-greater",
"apl/scalar-functions/time-series/series-greater-equals",
"apl/scalar-functions/time-series/series-less",
"apl/scalar-functions/time-series/series-less-equals",
- "apl/scalar-functions/time-series/series-not-equals"
+ "apl/scalar-functions/time-series/series-not-equals",
+ "apl/scalar-functions/time-series/series-sin",
+ "apl/scalar-functions/time-series/series-sum",
+ "apl/scalar-functions/time-series/series-tan"
]
},
{