1. Home
    2. Security Operations
    3. Cortex XDR
    4. Cortex XDR™ XQL Language Reference
    5. Stages Commands Reference
    6. Comp
    7. latest

    latest

    Cortex XDR XQL latest aggregate returns the latest field value found with the matching criteria.

    Synopsis

    comp latest(<
    field
    >) [as <
    alias
    >] by <
    field_1
    >,<
    field_2
    >

    Description

    The
    latest
     aggregation is a comp function that returns the chronologically latest value found for a field that has matching values for the fields identified in the
    by
     clause.

    Examples

    Return the chronologically latest timestamp found for any given
    action_total_download
     value for all records that have matching values for their
    actor_process_image_path
     and
    actor_process_command_line
     fields. 
    dataset = xdr_data 
| fields _time,
      actor_process_image_path as Process_Path,
      actor_process_command_line as Process_CMD,
      action_total_download as Download 
| filter Download > 0 
| comp latest(_time) as download_time by Process_Path, Process_CMD

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo