Selects the event with the minimum value in the specified field. Only the included fields will be present in the resulting event. If multiple events have the same minimum value, then it is non-deterministic which event will be selected.

ParameterTypeRequiredDefaultDescription
field[a]stringrequired  The name of the field that is used to find the minimum value.
includeArray of stringsrequired  The names of the fields to include in the generated event.

[a] The argument name field can be omitted.

Omitted Argument Names

The argument name for field can be omitted; the following forms of this function are equivalent:

logscale
selectFromMin("value")

and:

logscale
selectFromMin(field="value")

Find the first value of a field x (and when that value was from):

logscale
selectFromMin(@timestamp, include=[x, @timestamp])

This selects the event with minimum value of @timestamp that also contains the specified field x, and returns an event with fields @timestamp and x only.