ES|QL MAX_OVER_TIME function
- field: the metric field to calculate the value for
- window: the time window over which to compute the maximum

Calculates the maximum value of a field over time.

| field | window | result |
|---|---|---|
| aggregate_metric_double | time_duration | double |
| boolean | time_duration | boolean |
| date | time_duration | date |
| date_nanos | time_duration | date_nanos |
| double | time_duration | double |
| exponential_histogram | time_duration | double |
| integer | time_duration | integer |
| ip | time_duration | ip |
| keyword | time_duration | keyword |
| long | time_duration | long |
| tdigest | time_duration | double |
| text | time_duration | keyword |
| unsigned_long | time_duration | unsigned_long |
| version | time_duration | version |

```esql
TS k8s
| STATS cost=SUM(MAX_OVER_TIME(network.cost)) BY cluster, time_bucket = TBUCKET(1minute)
```

| cost:double | cluster:keyword | time_bucket:datetime |
|---|---|---|
| 32.75 | qa | 2024-05-10T00:17:00.000Z |
| 32.25 | staging | 2024-05-10T00:09:00.000Z |
| 31.75 | qa | 2024-05-10T00:06:00.000Z |
| 29.0 | prod | 2024-05-10T00:19:00.000Z |
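
The query above nests two aggregations: under `TS`, `MAX_OVER_TIME` is evaluated per time series within each time bucket, and the outer `SUM` then combines those per-series maxima for each `cluster` and bucket. The Python model below is an added example, not code from Elasticsearch; its sample rows are constructed, and using `(cluster, pod)` as the identity of a time series is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed samples: (timestamp, cluster, pod, network.cost).
# These rows are illustrative and are not taken from the k8s data set.
SAMPLES = [
    ("2024-05-10T00:06:05Z", "qa", "one", 4.0),
    ("2024-05-10T00:06:40Z", "qa", "one", 9.5),
    ("2024-05-10T00:06:10Z", "qa", "two", 7.25),
    ("2024-05-10T00:06:55Z", "qa", "two", 3.0),
    ("2024-05-10T00:07:20Z", "qa", "one", 2.5),
    ("2024-05-10T00:06:30Z", "prod", "one", 11.0),
]


def bucket_start(ts, seconds=60):
    """Floor an ISO-8601 UTC timestamp to the start of its fixed-size bucket."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    floored = int(t.timestamp()) // seconds * seconds
    return datetime.fromtimestamp(floored, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def sum_of_max_over_time(samples, seconds=60):
    """Model of SUM(MAX_OVER_TIME(x)) BY cluster, time bucket."""
    # Stage 1 (MAX_OVER_TIME): maximum per time series, per bucket.
    # Assumption: a time series is identified by (cluster, pod).
    per_series = {}
    for ts, cluster, pod, cost in samples:
        key = (cluster, pod, bucket_start(ts, seconds))
        per_series[key] = max(per_series.get(key, cost), cost)
    # Stage 2 (SUM ... BY cluster, time_bucket): add up the per-series maxima.
    totals = defaultdict(float)
    for (cluster, _pod, bucket), peak in per_series.items():
        totals[(cluster, bucket)] += peak
    return dict(totals)


if __name__ == "__main__":
    for (cluster, bucket), cost in sorted(sum_of_max_over_time(SAMPLES).items()):
        print(cost, cluster, bucket)
```

For the `qa` bucket at 00:06 the result is the sum of each pod's peak (9.5 and 7.25), which differs from both the overall maximum and the sum of all samples in that bucket.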