透過集合功能整理內容
你可以依據偏好儲存及分類內容。
window.mode
window.mode(values)
說明
傳回輸入值的眾數。如果有多個可能的模式值,系統只會非決定性地選擇其中一個值做為傳回值。
參數資料類型
INT|FLOAT|STRING
傳回類型
STRING
程式碼範例
範例 1
取得比對視窗中值的模式。
// This rule sets the outcome $size_mode to the most frequently occurring
// file size in the 5 minute match window.
events:
$e.user.userid = $userid
match:
$userid over 5m
outcome:
$size_mode = window.mode($e.file.size) // yields 1.6 if the event file size values in the match window are 1.6, 2, and 1.6
除非另有註明,否則本頁面中的內容是採用創用 CC 姓名標示 4.0 授權,程式碼範例則為阿帕契 2.0 授權。詳情請參閱《Google Developers 網站政策》。Java 是 Oracle 和/或其關聯企業的註冊商標。
上次更新時間:2025-07-29 (世界標準時間)。
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-07-29 (世界標準時間)。"],[[["\u003cp\u003e\u003ccode\u003ewindow.mode\u003c/code\u003e calculates the most frequently occurring value (mode) from a set of input values.\u003c/p\u003e\n"],["\u003cp\u003eThe function accepts integer, float, or string data types as input values.\u003c/p\u003e\n"],["\u003cp\u003eIf there are multiple modes, one of them will be randomly selected as the output.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003ewindow.mode\u003c/code\u003e function can be utilized within a rule's outcome to find the mode of a particular field over a defined time window, as demonstrated by finding \u003ccode\u003e$size_mode\u003c/code\u003e over a 5-minute window.\u003c/p\u003e\n"]]],[],null,["### window.mode\n\nSupported in: \n[Rules](/chronicle/docs/detection/default-rules) \n\n window.mode(values)\n\n#### Description\n\nReturn the mode of the input values. In case of multiple possible mode values, only one of those values will be non-deterministically chosen as the return value.\n\n#### Param data types\n\n`INT|FLOAT|STRING`\n\n#### Return type\n\n`STRING`\n\n#### Code samples\n\n##### Example 1\n\nGet mode of the values in the match window. \n\n // This rule sets the outcome $size_mode to the most frequently occurring\n // file size in the 5 minute match window.\n events:\n $e.user.userid = $userid\n match:\n $userid over 5m\n outcome:\n $size_mode = window.mode($e.file.size) // yields 1.6 if the event file size values in the match window are 1.6, 2, and 1.6"]]
