documentationwindow¶
Description¶
Evaluate OPAL within time windows.
window evaluates its argument in windowed context, partitioned over the given grouping and ordered by the given ordering (by default, this is the input dataset timestamp.)
Include ‘frame()’ to evaluate the window function inside a sliding window frame.
For queries, you may omit ‘frame()’ to use the current query time window, although this results in a dataset that cannot be accelerated.
If group_by is not specified, the default grouping will be used. The default grouping is the grouping of the verb, which is typically either explicitly specified or defaulted to the set of primary key columns.
Return type¶
variant
Domain¶
This is a scalar function (calculates a single output value for a single input row.)
Categories¶
Usage¶
window(expr, [ group_by ], [ order_by ], [ frame ])
Argument |
Type |
Optional |
Repeatable |
Restrictions |
|---|---|---|---|---|
expr |
variant |
no |
no |
none |
group_by |
grouping |
yes |
no |
constant |
order_by |
ordering |
yes |
no |
constant |
frame |
frame |
yes |
no |
constant |
Examples¶
make_col name:window(first(name), group_by(section), order_by(time))
Name each row with the first name that appears in the current query time window
make_col avg:window(avg(load), group_by(host), order_by(time), frame(back:10m))
Compute the moving average of system load within the past 10 minutes of each event