Finds the largest number for the specified field over a set of events. The result is returned in a field named _max.
Omitted Argument Names
The argument name for field can be omitted; the following forms of this function are equivalent:
logscale Syntax
max("value")
and:
logscale Syntax
max(field="value")
These examples show basic structure only.
max() Examples
Return the maximum responsetime:
logscale
max(responsetime)
Filter for events in the repository with maximum responsetime values greater than 5 seconds:
logscale
max(responsetime)
| _max > 5