Reputation: 1
Kusto how to use comparison operator with timespan
I need to write a query to see results that are over 15 days old. I have this code where I am getting the avg_duration in the timespan format (15.04:01:02). I want to now filter based off of avg_duration to only return results over 15 days old.
| summarize arg_max(TimeGenerated, *) by ResourceId, RecommendationId, Severity
| order by RecommendationId asc, TimeGenerated asc
| extend duration = iff(RecommendationId == prev(RecommendationId), TimeGenerated - prev(TimeGenerated), 0s)
| summarize avg(duration) by ResourceId, RecommendationId, Severity
| where avg_duration >= "15.0:0:0"
When I run this in log Analytics I get the error "Cannot compare values of types timespan and long. Try adding explicit casts". Any ideas how I can filter timespan?
Upvotes: 0
Views: 1949
Answers (2)
Reputation: 11338
If by trying the proposed solution you are also facing The operator '>' is not defined for the operand types datetime and timespan.(KS106) when trying to apply arithmetic operators directly on your datetime field,
here is an alternative:
yourDateSource
| where yourDateTimeColumn > now(-1h)
The snippet above will return records from the last hour only.
Upvotes: 0
Related Questions
- Make the value return timespan(0), if rows not available or condition is not met in Kusto?
- Kusto query help for Time chart
- Kusto Query to Filter and calculate the Time difference between rows
- compare just time part from datetime in kql
- Kusto calculate the minutes since last event
- Date time difference within a column (Kusto Query Language)
- How to compare two Timestamp In kusto
- how to extract time difference between two requests using KUSTO
- Azure Data Explorer Kusto: group by with difference in datetime
- How to summarize time window based on a status in Kusto