Contribute in GitHub:
Edit online
!between operator
Matches the input that is outside the inclusive range.
Table1 | where Num1 !between (1 .. 10)
Table1 | where Time !between (datetime(2017-01-01) .. datetime(2017-01-01))
!between can operate on any numeric, datetime, or timespan expression.
Syntax
T | where expr !between (leftRange..rightRange)
If expr expression is datetime - another syntactic sugar syntax is provided:
T | where expr !between (leftRangeDateTime..rightRangeTimespan)
Arguments
- T - The tabular input whose records are to be matched.
- expr - the expression to filter.
- leftRange - expression of the left range (inclusive).
- rightRange - expression of the right range (inclusive).
Returns
Rows in T for which the predicate of (expr < leftRange or expr > rightRange) evaluates to true.
Examples
Filter numeric values
range x from 1 to 10 step 1
| where x !between (5 .. 9)
Results
| x |
|---|
| 1 |
| 2 |
| 3 |
| 4 |
| 10 |
Filter datetime
events
| where original_time !between (datetime(2023-01-27) .. datetime(2023-07-30))
| count
| Count |
|---|
| 58590 |
events
| project a=src_ip, src_port, dst_ip, dst_port, payload
| where isnotempty(src_port)
| where src_port !between (1 .. 10)
| count
Results
| Count |
|---|
| 58590 |