Set Time Interval From Within Query with defineTable() | LogScale Query Examples

Set Time Interval From Within Query with `defineTable()`

Set the time interval and related metadata from within the query instead of through the test QueryJobs API or UI using the defineTable() function

Query

logscale

setTimeInterval(start="1h", end="30min")
| defineTable(
start=7d,
end=1d,
query={...},
name="ended_queries")
| match(table="ended_queries", field=queryID, strict=true)

Introduction

The setTimeInterval() function can be used to set the time interval and related metadata from within the query instead of through the QueryJobs API or the UI. The time settings of the setTimeInterval() function will overwrite whatever was specified in the QueryJobs API or UI. setTimeInterval() must appear in the preamble of the query, before any other functions, filters, free-text searches, etc. It cannot appear inside join()/defineTable() subqueries.

In this example, the setTimeInterval() function is used with the defineTable() function to define a new time interval for the subqueries, before running this.

Note that the setTimeInterval() function must appear before any defineTable() definitions and only one time in a query.

Step-by-Step

Starting with the source repository events.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0>Preamble] 1@{ shape: win-pane, label: "Table" } 2[/Filter/] result{{Result Set}} repo --> 0 0 --> 1 1 --> 2 2 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
setTimeInterval(start="1h", end="30min")
```
Recalls the defineTable() subquery time interval. This means that the subquery will start at 7d+30min, and will end at 1d+30min.
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0>Preamble] 1@{ shape: win-pane, label: "Table" } 2[/Filter/] result{{Result Set}} repo --> 0 0 --> 1 1 --> 2 2 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
| defineTable(
start=7d,
end=1d,
query={...},
name="ended_queries")
```
Generates an ad-hoc table named ended_queries and computes the relative time points to the primary query's time end time. This means that the subquery will start at 7d+30min, and will end at 1d+30min
flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0>Preamble] 1@{ shape: win-pane, label: "Table" } 2[/Filter/] result{{Result Set}} repo --> 0 0 --> 1 1 --> 2 2 --> result style 2 fill:#ff0000,stroke-width:4px,stroke:#000;
logscale
```
| match(table="ended_queries", field=queryID, strict=true)
```
Joins the filtered events where the value equals queryID with the ended_queries table.
Event Result set.