
Synopsis

Classifies the search query result events into time buckets of the specified time period.

Syntax

interval N [seconds,minutes,days,weeks,months] starting TIME

Required Arguments

N
Syntax: <numeric value>

Description: The number of units of time into which to classify the search query result events

Unit of time

Syntax: seconds, minutes, days, weeks, or months

Description: The unit of time into which to classify the search query result events

Optional Arguments

starting TIME
Syntax: <start time>

Description: The start time of the interval

Description

Classifies the search query results into buckets of the specified time period. The command must be preceded by a function, such as count in the examples below.

Examples

Example 1:  

* in log.access | count | interval 1 day 

From the events in the access log, shows the number of events per day, with each day starting at 00:00:00.

Example 2:  

* in log.access | count | interval 1 day starting 08:00:00

From the events in the access log, shows the number of events per day, with each day starting at 08:00:00.
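The following Python sketch is an added example, not code from the product: it emulates `count | interval 1 day` with and without `starting 08:00:00` over constructed log lines, to show how the start time moves events between buckets. It assumes half-open buckets aligned to the start time; the sample log, `bucket_start` and `count_per_interval` are hypothetical names, and only the fixed-length units are handled.

```python
from collections import Counter
from datetime import datetime, time, timedelta

# Fixed-length units from the Syntax section; months vary in length and are left out.
UNIT_SECONDS = {"seconds": 1, "minutes": 60, "days": 86400, "weeks": 604800}

# Constructed sample events: ISO timestamp, client, request, status.
SAMPLE_LOG = """\
2024-03-11T23:30:00 203.0.113.7 GET /login 401
2024-03-12T07:59:58 203.0.113.7 GET /login 401
2024-03-12T08:00:00 198.51.100.4 GET /index 200
2024-03-12T19:15:42 198.51.100.4 GET /admin 403
2024-03-13T07:10:05 203.0.113.7 GET /login 401
2024-03-13T08:00:01 198.51.100.4 GET /index 200
"""


def bucket_start(ts, n, unit, starting=time(0, 0, 0)):
    """Start of the bucket that contains ts.

    Assumption: buckets are half-open [start, start + N units) and aligned
    to `starting` on a fixed reference day (a Monday, so weeks begin Monday).
    """
    width = timedelta(seconds=n * UNIT_SECONDS[unit])
    anchor = datetime.combine(datetime(1970, 1, 5), starting)
    # Floor division of timedeltas gives the bucket index as an integer.
    return anchor + ((ts - anchor) // width) * width


def count_per_interval(log_text, n, unit, starting=time(0, 0, 0)):
    """Emulate `count | interval N unit starting TIME` over log_text."""
    stamps = (datetime.fromisoformat(line.split()[0])
              for line in log_text.splitlines() if line.strip())
    counts = Counter(bucket_start(ts, n, unit, starting) for ts in stamps)
    return [(start.isoformat(), c) for start, c in sorted(counts.items())]


if __name__ == "__main__":
    runs = (("interval 1 day", time(0)),
            ("interval 1 day starting 08:00:00", time(8)))
    for label, start in runs:
        print(label)
        for bucket, c in count_per_interval(SAMPLE_LOG, 1, "days", start):
            print(f"  {bucket}  {c}")
```

With the 08:00:00 start, the event at 07:59:58 on 12 March is counted in the bucket that began on 11 March, so daily totals differ from the midnight-aligned run even though the events are the same.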

 
