between
Description
The between keyword specifies a date range on which a query on logs or spans should operate.
Note
The between keyword works with any time expression, but the result of the expression must be of type timestamp.
Syntax
Example 1
The between keyword allows users to scope their query to a specific time range. The simplest example of this is to use two timestamp literals:
Example query
Example 2
The between keyword works well with the $p JSON prefix, which contains the time range in the UI. For example, we have a dashboard that operates over the last 24 hours, but we wish to compare it to the 24 hours before that. We can do this using the between command and some timestamp expressions:
Example query
Example 3
Using the between keyword, we can always query a given timeframe relative to the current time, even if the dashboard query changes. This query always returns data from the past 24 hours, no matter what the time range is set to.
Example query
Note
@'now' is a timestamp literal for the current time.