ES|QL DERIV function
field- the metric field to calculate the value for
window-
the time window over which to compute the derivative over time
Calculates the derivative over time of a numeric field using linear regression.
| field | window | result |
|---|---|---|
| double | double | |
| integer | double | |
| long | double |
TS datenanos-k8s
| WHERE pod == "three"
| STATS max_deriv = MAX(DERIV(network.cost)) BY time_bucket = BUCKET(@timestamp,5minute), pod
| max_deriv:double | time_bucket:date_nanos | pod:keyword |
|---|---|---|
| 0.101674 | 2024-05-10T00:00:00.000Z | three |
| 0.0411 | 2024-05-10T00:05:00.000Z | three |
| -0.017149 | 2024-05-10T00:10:00.000Z | three |