`between`

Description

The between keyword specifies a date range on which a query on logs or spans should operate.

Note

The between keyword will work on any time expression, but the result of the expression must be of type timestamp.

Syntax

source (logs|spans) between <time-expression> and <time-expression>

Example 1

The between keyword allows users to scope their query to a specific timerange. The simplest example of this is to use two timestamp literals:

Example query

source spans between @'2024-10-14T00:00:00Z' and @'2024-10-15T00:00:00Z'

Example 2

The between timestamp works well with the $p JSON prefix, which contains the time range in the UI. For example, we have a dashboard that operates over the last 24 hours, but we wish to compare it to the previous 24 hours before that. We can do this, using the between command and some timestamp expressions:

Example query

source logs between $p.timeRange.startTime - 48h and $p.timeRange.endTime - 24h

Example 3

Using the between keyword, we can always compare a given timeframe, with relation to the current time, even if the dashboard query changes. In this query, we will always query data from the past 24 hours, no matter what the time range is set to.

Example query

source logs between @'now' - 24h and @'now'

Note

The @'now' is a timestamp literal for the current time.

Previous around

Next last