Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Current »

Synopsis

Displays the time between the first and last event in a group.

Syntax

time

Required Arguments

None

Optional Arguments

<date-column-name>
<date-column-name-format>

Description

Shows the unformatted amount of time between the first and last event in a group - calculated by default based on the log event's main date field. Should be formatted and displayed in time format.

Note: The default time is counted in milliseconds.

Examples

Example 1:  

* in log.access | time | display time in time format

Displays the time between the first and last event in log access in time format.

Example 2:  

10.10.10.10 in log.access | time | display time in time format

Displays the time between the first and last event with client IP 10.10.10.10 in log access in time format.

Example 3:  

* in log.access | time originalTimeStamp ("MM/dd/yyyy HH:mm:ss.SSS") | display time in time format

Displays the time between the first and last event in log access based on the values of the specified log column originalTimeStamp (not the event's main date field) which has the specified date format "MM/dd/yyyy HH:mm:ss.SSS" in time format.

 

  • No labels