elastic / elasticsearch

Free and Open, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch

[ES|QL] Support first(), last() functions #108385

Open wchaparro opened 4 months ago

wchaparro commented 4 months ago

Support aggregate functions - `FIRST(<field> BY <@timestamp>)` and `LAST( BY <@timestamp>)`

elasticsearchmachine commented 4 months ago

Pinging @elastic/es-analytical-engine (Team:Analytics)

bpintea commented 4 months ago

Do we want smth different than this? https://www.elastic.co/guide/en/elasticsearch/reference/master/esql-functions-operators.html#esql-agg-max

wchaparro commented 4 months ago

Good catch @bpintea, updated the title/desc.

IanLee1521 commented 4 weeks ago

This would be incredible for us coming from Splunk and missing the latest() function... if there is ever some prototype work on this that you'd like feedback for, definitely let me know.

tylerperk commented 3 weeks ago

Hey @IanLee1521 thanks for the offer. We'd like to do this someday but no specific plans yet. We'll let you know if we need any requirements clarification or feedback. I assume first and last would be like earliest and latest, respectively.