Max
The MAX function returns the maximum value in a set of values. The following illustrates the syntax of the MAX function:
Stream=firewall | groupby dstcn | select dstcn, max (evtlen)
Here,
- Stream is firewall, so only events from the firewall stream are read.
- The groupby function organizes similar events into groups; here the events are grouped by destination country (dstcn).
- The select function chooses the fields to retrieve from the grouped data; the records retrieved are known as the result set.
- The max() function returns the highest value (maximum) in a set of non-NULL values.
On execution, this query reads every event in the firewall stream, groups the events by destination country, and returns one row per country containing dstcn and the maximum evtlen seen in that group. The output is shown below:
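To make the semantics of groupby followed by max() concrete, the following is an added example (not code from the original page or from the product's own query engine) that reproduces the query above over a handful of constructed firewall events in plain Python. The field names dstcn and evtlen come from the query; the event records, the `groupby_max` helper and the assumption that a missing evtlen behaves as NULL are constructed for illustration. It also shows the edge case the description implies: NULL values are skipped, and a group with nothing but NULLs yields NULL rather than a number.

```python
# Constructed sample firewall events (not real log data). Each event carries a
# destination country (dstcn) and an event length (evtlen); None stands for a
# NULL value, e.g. when the parser could not extract the field.
FIREWALL_EVENTS = [
    {"stream": "firewall", "dstcn": "US", "evtlen": 512},
    {"stream": "firewall", "dstcn": "US", "evtlen": 1480},
    {"stream": "firewall", "dstcn": "DE", "evtlen": 128},
    {"stream": "firewall", "dstcn": "DE", "evtlen": None},
    {"stream": "firewall", "dstcn": "CN", "evtlen": None},   # only NULLs in this group
    {"stream": "dns",      "dstcn": "US", "evtlen": 9000},   # other stream, must be ignored
]


def groupby_max(events, stream, group_field, value_field):
    """Mimic `Stream=<stream> | groupby <group_field> | select <group_field>, max(<value_field>)`.

    Returns a dict {group_value: max_or_None}. NULL (None) values are skipped;
    a group whose values are all NULL yields None, matching the rule that
    max() only considers non-NULL values.
    """
    result = {}
    for ev in events:
        if ev.get("stream") != stream:        # Stream=<stream> filter
            continue
        key = ev.get(group_field)             # groupby <group_field>
        val = ev.get(value_field)
        result.setdefault(key, None)          # the group exists even if every value is NULL
        if val is None:
            continue                          # max() ignores NULLs
        if result[key] is None or val > result[key]:
            result[key] = val
    return result


def run_example():
    """Run the page's query against the constructed events."""
    return groupby_max(FIREWALL_EVENTS, "firewall", "dstcn", "evtlen")


if __name__ == "__main__":
    for country, biggest in sorted(run_example().items()):
        print(f"dstcn={country}\tmax(evtlen)={biggest}")
```

Note that the DNS event is dropped by the stream filter before grouping, so its large evtlen never influences the US result, and the CN group appears in the result set with a NULL maximum because it contributed no non-NULL values.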