findlatest

The findlatest aggregation function returns the latest value (based on _time) of Expression across the group.

Use this function with the summarize, eventstats, and timestats operators.

Syntax

​

    findlatest( Expression )

Arguments

​

• Expression: Expression used for aggregation calculation. Wildcards are not supported for field names.

Example

​

dataset=myDataset
| summarize findlatest(receiptTime)