Compare Two Timestamps
Query
diff := endTime - startTime
| test(diff > duration("5m"))Introduction
The duration() function returns the number of
milliseconds for a given duration specification. This value can be used
as the basis for comparison for different values.
In this example, the duration() function is used to
compute a simple value to use in a comparison. The input data contains
the startTime and
endTime for an operation, to
determine whether the difference between the two exceeds a duration of 5
minutes.
Step-by-Step
Starting with the source repository events.
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0>Augment Data] 1[[Expression]] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
diff := endTime - startTimeDetermines the difference between the endTime and startTime; the fields should be in milliseconds (as they would be for an epoch or timestamp).
- flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0>Augment Data] 1[[Expression]] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;logscale
| test(diff > duration("5m"))Use the
test()function to determine if the computed difference is greater than a duration of 5 minutes. In this case,duration()returns 300,000. Event Result set.
Summary and Results
The duration() functions supports a more
convenient, and human-readable, method of defining a duration without
needing to explicitly calculate the comparison. This is particularly
useful when using parameters on a dashboard.