WINDOW
Apply aggregation or window functions over sliding windows of data.
Syntax
WINDOW assignmentClause [, assignmentClause]* [,]?
[BY groupClause [, groupClause]*] [,]?
[SORT sortExpression (, sortExpression)*] [,]?
[WITHIN withinExpression]?
Parameters
- assignmentClause - Aggregation function call or expression, optionally with assignment (identifier = expression)
- groupClause - Field or expression to partition the data by
- sortExpression - Field or expression to order rows within each partition, with optional ASC or DESC direction
- withinExpression - Time range or row count defining the window size
Description
The WINDOW command applies aggregation or window functions over sliding windows of data,
computing results for each row based on a specified subset of surrounding rows.
Unlike AGG, which groups data into discrete buckets, WINDOW maintains the
original row structure while adding computed window function results.
The BY clause partitions the data into separate windows based on the grouping
expressions you specify. The SORT clause determines the ordering of rows
within each partition. The WITHIN expression defines the window size, which
you can specify as a relative interval (e.g., -5min, -1hr), a relative range
(-10min..-5min), or a relative row count (e.g., -5r, 10rows).
All aggregation functions in a single WINDOW command use the same window
definition. Window function results are added as new fields to the existing
dataset structure.
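The semantics described above can be emulated in Python as an added illustration; this is not the query engine's own code. It partitions by user, sorts by timestamp, and counts failed logins in a trailing 5-minute window (the -5min case), keeping every input row. The function name, field names and sample events are hypothetical, and it assumes the window includes the current row and is inclusive at both ends.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (not from any real log).
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "user": "alice", "outcome": "fail"},
    {"ts": "2024-05-01T10:01:00", "user": "bob", "outcome": "fail"},
    {"ts": "2024-05-01T10:02:00", "user": "alice", "outcome": "fail"},
    {"ts": "2024-05-01T10:04:30", "user": "alice", "outcome": "fail"},
    {"ts": "2024-05-01T10:06:00", "user": "alice", "outcome": "ok"},
    {"ts": "2024-05-01T10:20:00", "user": "bob", "outcome": "fail"},
]


def window_count(rows, by, sort, within, predicate, out_field):
    """Add a per-row count of matching rows in a trailing time window.

    Assumption: the window for a row spans [row_time - within, row_time],
    inclusive at both ends, and contains the row itself.
    """
    # BY: split row indexes into partitions keyed on the grouping field.
    partitions = defaultdict(list)
    for idx, row in enumerate(rows):
        partitions[row[by]].append((datetime.fromisoformat(row[sort]), idx))

    # Unlike a bucketed aggregation, every input row appears in the output.
    result = [dict(row) for row in rows]
    for members in partitions.values():
        members.sort()  # SORT: order rows inside the partition by time
        live = deque()  # (time, matched) for rows inside the current window
        matched = 0
        for t, idx in members:
            hit = int(predicate(rows[idx]))
            live.append((t, hit))
            matched += hit
            # WITHIN: evict rows older than the trailing interval.
            while live[0][0] < t - within:
                matched -= live.popleft()[1]
            result[idx][out_field] = matched
    return result


if __name__ == "__main__":
    out = window_count(EVENTS, "user", "ts", timedelta(minutes=5),
                       lambda r: r["outcome"] == "fail", "fails_5m")
    for row in out:
        print(row["ts"], row["user"], row["outcome"], row["fails_5m"])
```

The successful alice login at 10:06:00 still carries a count of 2 recent failures, which is the kind of per-row context a bucketed aggregation would lose.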