documentationwindow¶
Description¶
Evaluates its argument in windowed context, partitioned over the given grouping and ordered by the given ordering (by default, input dataset timestamp.) Include ‘frame()’ to evaluate the window function inside a sliding window frame.
For queries, you may omit ‘frame()’ to use the current query time window, although this results in a dataset that cannot be accelerated.
Return type¶
any
Domain¶
This is a scalar function (calculates a single output value for a single input row.)
Categories¶
Usage¶
window( expr [ , group_by ] [ , order_by ] [ , frame ] )
Argument |
Type |
Required |
Multiple |
|---|---|---|---|
expr |
any |
Required |
Only one |
group_by |
grouping |
Optional |
Only one |
order_by |
ordering |
Optional |
Only one |
frame |
frame |
Optional |
Only one |
Examples¶
make_col name:window(first(name), group_by(section), order_by(time))
Name each row with the first name that appears in the current query time window
make_col avg:window(avg(load), group_by(host), order_by(time), frame(back:10m))
Compute the moving average of system load within the past 10 minutes of each event