Contribute in GitHub:
Edit online
arg_max() (aggregation function)
Finds a row in the group that maximizes ExprToMaximize.
Note
Deprecated aliases:** argmax()
Syntax
arg_max (ExprToMaximize, * | ExprToReturn [, ...])
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| ExprToMaximize | string | ✓ | The expression used for aggregation calculation. |
| ExprToReturn | string | ✓ | The expression used for returning the value when ExprToMaximize is maximum. |
Note
Use of a wildcard * to return all columns of the input table is currently not supported.
Returns
Returns a row in the group that maximizes ExprToMaximize, and the values of columns specified in ExprToReturn.
Examples
Find the maximum event logged and the corresponding Data Source.
events
| project arg_max(data_source_name, name)
|take 1
Results
| name | data_source_name |
|---|---|
| New SVC connection, no existing connection | ciscoASASource2 |