setTimeInterval()

`setTimeInterval()`

setTimeInterval() can be used to set the query's time interval and related time settings from within the query string. When used, the query time specified in the query string will override the settings from the UI or query API.

Parameter	Type	Required	Default Value	Description
`end`	string,time point	optional^[a]	`now`	End time of query. When specified, it overrides the end time from the query API.
`start`^[b]	string,time point	required		Start time of query. When specified, it overrides the start time from the query API.
`timezone`	string,time zone name	optional^[a]		Time zone name. When specified, overrides the timezone set from the query API. For a list of timezone names, see the table “Supported Timezones”.
^[a]Optional parameters use their default value unless explicitly set. ^[b]The parameter name `start` can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

Omitted Argument Names
The argument name for start can be omitted; the following forms of this function are equivalent:
logscale Syntax
setTimeInterval(1d)
and:
logscale Syntax
setTimeInterval(start=1d)
These examples show basic structure only.

Using setTimeInterval() offers several advantages:

Query users can specify time ranges directly in query strings. The feature enables copying and sharing query strings with other users, who can recreate the search in different views and/or clusters (with different URLs).
Dashboard creators can specify time ranges in query strings. The feature allows setting the static time range for the widgets.

This is a metadata query function that does not process events. It is only used for setting the time interval and related metadata from within the query instead of through the Query Jobs API or the UI.

Using setTimeInterval() affects both the API and the UI, as follows.

The start and end parameters of the function override the Query Jobs APIend and start fields, meaning that a query like this:
logscale
```
groupBy([status_code, ip]
```
with start=7d and end=1d set in QueryInputJob, is equivalent to query:
logscale
```
setTimeInterval(start=7d, end=1d) 
| groupBy([status_code, ip]
```
When the Time field selection is set to @ingesttimestamp in the UI, then the query will be submitted to the QueryInputJob with input useIngestTime equal to true. In this scenario, the start and end parameters of setTimeInterval() will override the ingestStart and ingestEnd API fields.
When the Time field selection is set to @timestamp in the UI, then the query will be submitted to the QueryInputJob with input useIngestTime equal to false. In this scenario, the start and end parameters of setTimeInterval() will override the start and end API fields.

Using setTimeInterval() also overrides the time controls in the UI. See Change Time Interval and Shared Time Selector for more information.

Validation Rules/Known Limitations

The setTimeInterval() function requires specific validation rules for correct usage.

Must appear in the preamble of the query — that is, before any other functions, filters, free-text searches, etc.
Must appear before any defineTable() definitions.
Must appear at most once in a query.
Cannot appear inside join()/defineTable() subqueries. To set a different time range for the ad-hoc table/join subquery, use the start and end parameters that are supported in these functions.
Same restrictions as the API time interval apply, that is:
- In a live query start must be relative, and end must be now
- If the user has search limitations (for example, trial users can only search 7 days back), these limitations still apply
setTimeInterval() is only supported in ad-hoc searches and on dashboards. In particular, setTimeInterval() is not supported in:
- Triggers (aggregate alerts, filter alerts, legacy alerts, scheduled searches)
- Parsers
- Event Forwarders
- Redact Events API
- Filter prefix of a query such as repository filters, user filters, group filters (like any other query functions, which are equally not supported)
- Dashboard filters

`setTimeInterval()` Examples

Click + next to an example below to get the full details.

Set Time Interval From Within Query

Set the time interval and related metadata from within the query instead of through the QueryJobs API or UI

Query

logscale

setTimeInterval(start=7d, end=1d)

Introduction

In this example, the setTimeInterval() function is used to define a new time interval before running an ad-hoc query.

Step-by-Step

Starting with the source repository events.
logscale
```
setTimeInterval(start=7d, end=1d)
```
Sets a time interval to start 7 days ago from now and to end 1 day ago from now. As the timezone is not specified, it uses the system's default.
It is possible to explicitly set a timezone instead of using the system's default, in this example, the timezone is explicitly set to Europe/Copenhagen: setTimeInterval(start="1w@d", end="now@d", timezone="Europe/Copenhagen")
Event Result set.

Summary and Results

This query demonstrates how to use setTimeInterval() to define the timespand from within the query instead of through the QueryJobs API or UI.

Set Time Interval From Within Query with `defineTable()`

Set the time interval and related metadata from within the query instead of through the test QueryJobs API or UI using the defineTable() function

Query

logscale

setTimeInterval(start="1h", end="30min")
| defineTable(
start=7d,
end=1d,
query={...},
name="ended_queries")
| match(table="ended_queries", field=queryID, strict=true)

Introduction

In this example, the setTimeInterval() function is used with the defineTable() function to define a new time interval for the subqueries, before running this.

Note that the setTimeInterval() function must appear before any defineTable() definitions and only one time in a query.

Step-by-Step

Starting with the source repository events.
logscale
```
setTimeInterval(start="1h", end="30min")
```
Recalls the defineTable() subquery time interval. This means that the subquery will start at 7d+30min, and will end at 1d+30min.
logscale
```
| defineTable(
start=7d,
end=1d,
query={...},
name="ended_queries")
```
Generates an ad-hoc table named ended_queries and computes the relative time points to the primary query's time end time. This means that the subquery will start at 7d+30min, and will end at 1d+30min
logscale
```
| match(table="ended_queries", field=queryID, strict=true)
```
Joins the filtered events where the value equals queryID with the ended_queries table.
Event Result set.

Summary and Results

This query demonstrates how to use setTimeInterval() to define the timespan for a defined table query.

Data Analysis Overview

LogScale User Interface

Repositories & Views

Parsing Data

Searching Data

Writing Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Dashboards & Widgets

Automation

Template Language

Keyboard Shortcuts