Stay organized with collections
Save and categorize content based on your preferences.
max
max(numericExpression)
Description
The max function returns the maximum of the values within a numeric column.
It is often used with match to get the maximum value within each group in
the data.
Param data types
NUMBER
Return type
NUMBER
Code Samples
Example
Find all the events where target.ip is not empty. For all the events that
match on principal.ip, store the maximum of metadata.event_timestamp.seconds
in a variable called max_seconds.
target.ip != ""
match:
principal.ip
outcome:
$max_seconds = max(metadata.event_timestamp.seconds)
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-14 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-14 UTC."],[[["\u003cp\u003eThe \u003ccode\u003emax\u003c/code\u003e function is used to determine the highest value within a column of numbers.\u003c/p\u003e\n"],["\u003cp\u003eThis function is used with the \u003ccode\u003ematch\u003c/code\u003e function, to find the maximum value of each group within a dataset.\u003c/p\u003e\n"],["\u003cp\u003eThe function only accepts \u003ccode\u003eNUMBER\u003c/code\u003e data types as its input.\u003c/p\u003e\n"],["\u003cp\u003eThe function returns the highest \u003ccode\u003eNUMBER\u003c/code\u003e data type value.\u003c/p\u003e\n"]]],[],null,["### max\n\n max(numericExpression)\n\n#### Description\n\nThe `max` function returns the maximum of the values within a numeric column.\nIt is often used with `match` to get the maximum value within each group in\nthe data.\n\n#### Param data types\n\n`NUMBER`\n\n#### Return type\n\n`NUMBER`\n\n#### Code Samples\n\n##### Example\n\nFind all the events where `target.ip` is not empty. For all the events that\nmatch on `principal.ip`, store the maximum of `metadata.event_timestamp.seconds`\nin a variable called `max_seconds`. \n\n target.ip != \"\"\n match:\n principal.ip\n outcome:\n $max_seconds = max(metadata.event_timestamp.seconds)"]]
