maxif() (aggregation function)
Applies to: ✅ Azure Data Explorer ✅ Azure Monitor ✅ Microsoft Sentinel
Calculates the maximum value of expr in records for which predicate evaluates to true
.
Note
This function is used in conjunction with the summarize operator.
See also - max() function, which returns the maximum value across the group without predicate expression.
Syntax
maxif(
expr,
predicate)
Learn more about syntax conventions.
Parameters
Name | Type | Required | Description |
---|---|---|---|
expr | string |
✔️ | The expression used for the aggregation calculation. |
predicate | string |
✔️ | The expression used to filter rows. |
Returns
Returns the maximum value of expr in records for which predicate evaluates to true
.
Example
This example shows the maximum damage for events with no casualties.
StormEvents
| extend Damage=DamageCrops + DamageProperty, Deaths=DeathsDirect + DeathsIndirect
| summarize MaxDamageNoCasualties=maxif(Damage, Deaths == 0) by State
Output
The results table shown includes only the first 10 rows.
State | MaxDamageNoCasualties |
---|---|
TEXAS | 25000000 |
KANSAS | 37500000 |
IOWA | 15000000 |
ILLINOIS | 5000000 |
MISSOURI | 500005000 |
GEORGIA | 344000000 |
MINNESOTA | 38390000 |
WISCONSIN | 45000000 |
NEBRASKA | 4000000 |
NEW YORK | 26000000 |
... | ... |