queryEndTime Search Operator
The queryEndTime()
operator returns the end time of the search time range in milliseconds. You can use it in combination with queryStartTime()
to establish times and ranges for your non-continuous queries.
note
For dashboards in live mode or real time scheduled searches queryTimeRange()
is a more suitable option. In most cases the results would still be the same as using queryStartTime()
and queryEndTime()
, but the latter can be off from the real range by a few milliseconds.
Syntax​
queryEndTime() as <field>
Rules​
- An alias is required.
Examples​
To get a duration of your query:
error
| (queryEndTime() - queryStartTime()) as duration
To list start time, end time, and duration:
error
| queryStartTime() as starttime
| queryEndTime() as endtime
| (endtime - starttime) as duration