QueryTimestampType is an enumerated list of timestamp types to use for a query.

This enumerated datatype, besides being used by some core datatypes, is used by three main datatypes. First, there's the input datatype, CreateAggregateAlert, which is used by the createAggregateAlert() mutation. Second is the input datatype, CreateScheduledSearchV2, which is used by the createScheduledSearchV2() mutation field. The third main datatype, AggregateAlert, is used by several mutation fields: createAggregateAlert(); updateAggregateAlert(); disableAggregateAlertV2(); enableAggregateAlertV2(); and a few others, as well as some common datatypes.

Table: QueryTimestampType

| Parameter | Type | Required | Default | Stability | Description |
|---|---|---|---|---|---|
| EventTimestamp | | | | Long-Term | The @timestamp is used for the query. |
| IngestTimestamp | | | | Long-Term | The @ingesttimestamp is used for the query. |

Some arguments may be required, as indicated in the Required column. For return datatypes, this indicates that you must specify which fields you want returned in the results.

Table last updated: May 9, 2025