max()

max(col [, ...cols]) returns the maximum value of the provided column(s) in the input datastream. If multiple columns are provided, their values are lexically ordered as a tuple.

Note

max(a, b) is not the same as max(a), max(b). To get the maximum values of multiple columns, run a stats query, e.g. stats max(a), max(b). See stats() for more information.

Ordering

Ordering is alphabetical/lexical for strings, and numeric for numbers. If multiple columns are supplied, the ordering of the whole is evaluated lexically as a tuple, e.g. we compare the first values, then, if they're equal, we compare the second values, then, if they're equal, we compare the third values, etc.

If a field contains data of multiple types, text values are considered greater than numeric values, and numeric values are considered greater than null values. E.g.:

[1] < [2]
["a"] < ["aa"]
[1, 2] < [2, 1]
[1, 1] < [1, 2]
["ab", "a"] > ["a", "ca"]
["ab", 1] > ["a", 2]
[1, null] < [1, 2]

Returns

A table with one row and one column for each col provided, called @q.max[i], where i is the index of col in the arguments. If only one col was provided, the column is called @q.max.

Example

Return the maximum elapsed time for a request in the checkout_api service.

%ingest.source_type: "kubernetes"
and kubernetes.container_name: "checkout_api"
| max(log.%kv.elapsed_ms)

Previousgroupbycount()Nextmin()

Last updated 7 months ago