Selects the event with the maximum value in the specified field. Only the included fields will be present in the resulting event. If multiple events have the same maximum value, then it is non-deterministic which event will be selected.

ParameterTypeRequiredDefault ValueDescription
field[a]stringrequired  The name of the field that is used to find the maximum value.
includeArray of stringsrequired  The names of the fields to include in the generated event.

[a] The argument name field can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

Find the latest value of a field x (and when that value was from).

Try

logscale
selectFromMax(@timestamp, include=[x, @timestamp])

This selects the event with maximum value of @timestamp that also contains the specified field x, and returns an event with fields @timestamp and x only.