Contribute in GitHub:
Edit online
The timespan data type
The timespan (time) data type represents a time interval.
timespan literals
Literals of type timespan have the syntax timespan(value), where a number of formats are supported for value, as indicated by the following table:
| Value | Length of time |
|---|---|
2d |
2 days |
1.5h |
1.5 hour |
30m |
30 minutes |
10s |
10 seconds |
0.1s |
0.1 second |
100ms |
100 millisecond |
10microsecond |
10 microseconds |
1tick |
100ns |
time(15 seconds) |
15 seconds |
time(2) |
2 days |
time(0.12:34:56.7) |
0d+12h+34m+56.7s |
The special form time(null) is the null value.
timespan operators
Two values of type timespan may be added, subtracted, and divided. The last operation returns a value of type real representing the fractional number of times one value can fit the other.
Examples
The following example calculates how many seconds are in a day in several ways:
print
result1 = 1d / 1s,
result2 = time(1d) / time(1s),
result3 = 24 * 60 * time(00:01:00) / time(1s)
Results
| result1 | result2 | resiult3 |
|---|---|---|
84600 |
84600 | 84600 |
Example
The following query shows how the field "original_time" can be converted to a datetime format.
events_all
| project data_source_name, unix_time = original_time
| where unix_time > ago(4d)
| summarize Data= data_source_name, Time = bin(unix_time, 60)
| order by Time desc
| take 1
Results
| Data | Time |
|---|---|
ciscoASASource2 |
1683629760000 |