Finds the smallest number for the specified field over a set of events.

ParameterTypeRequiredDefault ValueDescription
asstringoptional[a] _min Name of output field.
field[b]stringrequired   Field to extract a number from.
typestringoptional[a]   description

[a] Optional parameters use their default value unless explicitly set.

[b] The parameter name field can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

min() Syntax Examples

Return what was the minimum responsetime:

logscale
min(responsetime)

Filter for events with a responsetime greater than 5 seconds:

logscale
min(responsetime)
| _min> 5

min() Examples

Click + next to an example below to get the full details.

Alert Query for Parsers Issues

Reporting errors

Query
logscale
#type=humio #kind=logs
| loglevel=WARN
| class = c.h.d.ParserLimitingJob
| "Setting reject ingest for"
| groupBy(id, function=[count(), min(@timestamp), max(@timestamp)] )
| timeDiff:=_max-_min
| timeDiff > 300000 and _count > 10
Introduction

This alert query tries to balance reacting when there are problems with parsers, without being too restrictive.

Step-by-Step

  1. Starting with the source repository events.

  2. logscale
    #type=humio #kind=logs

    Filters on all logs across all hosts in the cluster.

  3. logscale
    | loglevel=WARN

    Filters for all events where the loglevel is equal to WARN.

  4. logscale
    | class = c.h.d.ParserLimitingJob

    Assigns the value c.h.d.ParserLimitingJob to the class for the logs having the loglevel value WARN.

  5. logscale
    | "Setting reject ingest for"

    Filters for events containing the string Setting reject ingest for. This is the error message generated when ingested events are rejected.

  6. logscale
    | groupBy(id, function=[count(), min(@timestamp), max(@timestamp)] )

    Groups the returned result by the field id, makes a count on the events and returns the minimum timestamp and maximum timestamp. This returns a new event set, with the fields id, _count, _min, and _max.

  7. logscale
    | timeDiff:=_max-_min

    Calculates the time difference between the maximum timestamp values and the minimum timestamp values and returns the result in a new field named timeDiff.

  8. logscale
    | timeDiff > 300000 and _count > 10

    Returns all events where the values of timeDiff is greater that 300000 and where there are more than 10 occurrences.

  9. Event Result set.

Summary and Results

This query is used to set up alerts for parsers issues. Setting up alerts for parsers issues will allow to proactively reach out to customers where their queries are being throttled and help them.

Calculate Minimum and Maximum Response Times

Calculate minimum and maximum response times using multiple aggregate functions in square brackets

Query
logscale
[min_response := min(responsetime), max_response := max(responsetime)]
Introduction

In this example, the min() and max() functions are used to find the shortest and longest response times, with results stored in named fields.

Square brackets allow multiple aggregations to be performed in a single operation

Writing a list of aggregators in square brackets is a shorthand syntax for the stats() function.

Example incoming data might look like this:

@timestampendpointresponsetimestatus_code
1686837825000/api/users145200
1686837826000/api/products892200
1686837827000/api/orders167200
1686837828000/api/payment1290500
1686837829000/api/users156200
1686837830000/api/items78200
1686837831000/api/orders934200
1686837832000/api/checkout923200
1686837833000/api/products134200
1686837834000/api/users445200
Step-by-Step

  1. Starting with the source repository events.

  2. logscale
    [min_response := min(responsetime), max_response := max(responsetime)]

    In a single operation, calculates the minimum value from the responsetime field and returns the results in a field named min_response, and calculates the maximum value from the responsetime field and returns the results in a field named max_response.

    Square brackets allow multiple aggregations to be performed in a single operation

  3. Event Result set.

Summary and Results

The query is used to find the range of response times by calculating both the minimum and maximum values.

The results are returned in fields with names specified in the field assignments

This query is useful, for example, to monitor service performance, identify outliers in response times, or establish performance baselines.

Sample output from the incoming example data:

min_responsemax_response
781290

Note that only one row is returned containing both calculated values.

Find Minimum Value in Field

Calculate the minimum value in a numeric field using the min() function

Query
logscale
min(responsetime)
Introduction

In this example, the min() function is used to find the fastest response time from a set of web server logs. The response time is the time from the receipt of a request to the complete processing of the request.

Example incoming data might look like this:

@timestampendpointresponsetimestatus
2025-08-06T10:00:00Z/api/users180200
2025-08-06T10:00:01Z/api/products2850200
2025-08-06T10:00:02Z/api/orders95200
2025-08-06T10:00:03Z/api/users450200
2025-08-06T10:00:04Z/api/products1275200
Step-by-Step

  1. Starting with the source repository events.

  2. logscale
    min(responsetime)

    Calculates the minimum value found in the responsetime field across all events and returns the result in a new field named _min.

    If no events contain the specified field, or if the field contains non-numeric values, the function returns nothing.

  3. Event Result set.

Summary and Results

The query is used to find the fastest response time in the event set, helping identify the best-case performance scenario. Response time is an important parameter. The lower the response time, the better system performance. If server response time is high, it may indicate that the server is overloaded and having difficulties processing requests.

This query is useful, for example, to establish performance baselines, identify optimal performance levels, or verify minimum service level agreements (SLAs).

Sample output from the incoming example data:

_min
95

The result shows a response time of 95ms, which is considered excellent performance, well within the target range for optimal user experience.

Note that the result shows the single smallest value found in the responsetime field across all events in the default output field _min.

The minimum response time can be effectively displayed in a single value widget on a dashboard. For more comprehensive performance analysis, consider combining this with other aggregation functions like max() and avg() to show the full range of response times. For an example, see Calculate Minimum and Maximum Response Times.