Google Cloud Documentation

window.first

Supported in:

Rules

window.first(values_to_sort_by, values_to_return)

Description

This aggregation function returns a string value derived from an event with the lowest correlated int value in the match window. An example use case is getting the userid from the event with the lowest timestamp in the match window (earliest event).

Param data types

INT, STRING

Return type

STRING

Code samples

Get a string value derived from an event with the lowest correlated int value in the match window.

// This rule sets the outcome $first_event to the lowest correlated int value
// in the 5 minute match window.
events:
 $e.user.userid = $userid
match:
 $userid over 5m
outcome:
  $first_event = window.first($e.metadata.timestamp.seconds, $e.metadata.event_type) // yields v1 if the events in the match window are 1, 2 and 3 and corresponding values v1, v2, and v3.