max - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

Learn more about the Cortex Query Language max function used with both comp and windowcomp stages.

Syntax
Description

The max() function is used to return the maximum value of an integer field over a group of rows. The function syntax and application is based on the preceding stage:

Examples