max()

Returns the maximum value among the values in a group.

Syntax

max(EXPR)

Parameters

EXPR
An expression that returns the field from which to find the maximum value.

Description

The max() function tracks the largest value returned by EXPR as it processes records in a group. Null values are excluded from comparison.

It can compare various types including integers (integer, long), floating-point numbers (float, double), strings, and timestamps. Numeric types are compared by numeric magnitude. Non-numeric types are compared using ObjectComparator. Comparison behavior between different non-numeric types is undefined.

When aggregation is complete, the function returns the largest value. The return type follows the type of the input values. If there are no valid values in the group, it returns null.

This function can only be used in aggregation commands such as stats and timechart.

Error codes

CodeDescription
91020The number of arguments is wrong.

Usage examples

To prepare the WEB_APACHE_SAMPLE table used in these examples, refer to Preparing sample data.

  1. Find the maximum response size across all requests

    table WEB_APACHE_SAMPLE | stats max(bytes)

  2. Find the maximum response size per HTTP status code

    table WEB_APACHE_SAMPLE | stats max(bytes) by status

  3. Null value handling

    json "[{'val': 10}, {'val': null}, {'val': 30}]"
| stats max(val)
| # max(val): 30

Compatibility

The max() function has been available since before Logpresso Sonar 4.0.