Synopsis

Classifies the search query result events into time buckets of the specified time period.

Syntax

^{interval N [milliseconds, seconds,minutes,days,weeks,months] starting TIME}

Required Arguments

^N

^{Syntax: <numeric value>}

Description: The number of units of time into which to classify the search query result events

^{Unit of time}

Syntax: milliseconds, seconds, minutes, days, weeks, or months

Description: The unit of time into which to classify the search query result events

Optional Arguments

starting TIME
Syntax: <start time>

Description: The start time of the interval

Description

Classifies the search query results according to time period. Must be preceded by a function.

Examples

Example 1:  

^{* in log.access | count | interval 1 day} 

From the events in access log, shows the number of events per day starting at 00:00:00.

Example 2:  

^{* in log.access | count | interval 1 day starting 08:00:00}

From the events in access log, shows the number of events per day starting at 08:00:00.

Example 3:  

^{* in log.memoryUsage | avg usage | interval 50 milliseconds}

From the events in memoryUsage log, shows the average of used memory (usage) in 50 milliseconds interval.