ES|QL FIRST_OVER_TIME function
- `field`: the metric field to calculate the value for
- `window`: the time window over which to compute the first over time value

Calculates the earliest value of a field, where recency is determined by the `@timestamp` field.

| field | window | result |
|---|---|---|
| counter_double | time_duration | double |
| counter_integer | time_duration | integer |
| counter_long | time_duration | long |
| double | time_duration | double |
| exponential_histogram | time_duration | exponential_histogram |
| integer | time_duration | integer |
| long | time_duration | long |

```esql
TS k8s
| STATS max_cost=MAX(FIRST_OVER_TIME(network.cost)) BY cluster, time_bucket = TBUCKET(1minute)
```

| max_cost:double | cluster:keyword | time_bucket:datetime |
|---|---|---|
| 12.375 | prod | 2024-05-10T00:17:00.000Z |
| 12.375 | qa | 2024-05-10T00:01:00.000Z |
| 12.25 | prod | 2024-05-10T00:19:00.000Z |
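
The nesting in the query above can be modelled in a few lines of Python. This is an added example, not Elastic's implementation: it takes the earliest value by `@timestamp` per time series and one-minute bucket, then applies `MAX` across series in each cluster. The documents are constructed and listed out of timestamp order, and the `pod` dimension that separates time series within a cluster is an assumption.

```python
from datetime import datetime, timezone

# Constructed sample documents, deliberately not in @timestamp order.
# "pod" is an assumed dimension that separates time series within a cluster.
DOCS = [
    {"@timestamp": "2024-05-10T00:17:40Z", "cluster": "prod", "pod": "one", "network.cost": 3.5},
    {"@timestamp": "2024-05-10T00:17:05Z", "cluster": "prod", "pod": "one", "network.cost": 12.375},
    {"@timestamp": "2024-05-10T00:17:20Z", "cluster": "prod", "pod": "two", "network.cost": 9.0},
    {"@timestamp": "2024-05-10T00:17:50Z", "cluster": "prod", "pod": "two", "network.cost": 20.0},
    {"@timestamp": "2024-05-10T00:18:10Z", "cluster": "prod", "pod": "one", "network.cost": 1.25},
    {"@timestamp": "2024-05-10T00:17:30Z", "cluster": "qa", "pod": "one", "network.cost": 7.0},
]

FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_ts(value):
    return datetime.strptime(value, FMT).replace(tzinfo=timezone.utc)


def first_over_time(docs, field, series_keys):
    """Earliest value of `field` per (time series, 1-minute bucket)."""
    first = {}
    for doc in docs:
        ts = parse_ts(doc["@timestamp"])
        bucket = ts.replace(second=0, microsecond=0)
        key = (tuple(doc[k] for k in series_keys), bucket)
        # Keep the value with the smallest @timestamp, not the first one seen.
        if key not in first or ts < first[key][0]:
            first[key] = (ts, doc[field])
    return {key: value for key, (_, value) in first.items()}


def max_first_by_cluster(docs):
    """Model of MAX(FIRST_OVER_TIME(network.cost)) BY cluster, 1-minute bucket."""
    out = {}
    per_series = first_over_time(docs, "network.cost", ("cluster", "pod"))
    for (series, bucket), value in per_series.items():
        group = (series[0], bucket.strftime(FMT))  # series[0] is the cluster
        out[group] = max(out.get(group, value), value)
    return out


if __name__ == "__main__":
    for group, value in sorted(max_first_by_cluster(DOCS).items()):
        print(group, value)
```

The largest raw value in the `prod` 00:17 bucket (20.0) is not returned, because it is not the first sample of its series in that bucket.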