between - Select events between two time expressions
The between
keyword specifies a date range on which a query on logs
or spans
should operate.
NOTE: The between
keyword will work on any time expression, but the result of the expression must be of type timestamp
.
Syntax
Example - Two literal timestamps
The between
keyword allows users to scope their query to a specific timerange. The simplest example of this is to use two timestamp
literals:
NOTE: The @
symbol before the timestamps indicates that these values are timestamp literals.
Example - Comparing to a different time frame than the wider dashboard
The between
timestamp works well with the $p
JSON prefix, which contains the time range in the UI. For example, we have a dashboard that operates over the last 24 hours, but we wish to compare it to the previous 24 hours before that. We can do this, using the between
command and some timestamp expressions:
Example - Always comparing to the prior 24 hours, no matter the query
Using the between
keyword, we can always compare a given timeframe, with relation to the current time, even if the dashboard query changes. In this query, we will always query data from the past 24 hours, no matter what the time range is set to.
NOTE: The @'now'
is a timestamp literal for the current time.
Try it yourself
Open up your Coralogix explore screen and paste in the following query: