Administration Guide › Queries and Reports › How to Create a Query › How to Set Result Conditions › Set a Time or Date Range

Set a Time or Date Range

You can set a time or date range condition for your query. This improves the efficiency of your query by narrowing the portion of the event log store it must search.

You can use a predefined time range, or create a custom time range. For a custom time range to work properly you must set both a beginning and end time. If you only set a single time parameter, it is expressed as a "Where" clause in the query SQL.

To set result conditions

1. Open the result conditions dialog.
2. If you are creating a scheduled report job or action alert job, click the Events or Incidents tab to set the appropriate filter type. Since a report or alert job may contain both event and incident queries, you can set the filter types separately.
3. Select a predefined time range from the drop-down list. For example, if you want to view events received in the last day, select "previous day".

   Note: If you are creating an action alert or scheduled report, the interface displays the following default time ranges:

   • Action Alert: the previous 5 minutes
   • Scheduled Report: the previous 6 hours
4. (Optional) Create a custom time range using the following substeps:
   1. Click Edit beside the 'Dynamic End Time' entry field in the Date Range Selections area. This lets you set the end of the time period you want the query to search.

      The Dynamic Time Specification dialog appears.

   2. Select the reference time you want to base the parameter on, and click Add.
   3. Select the time parameter you want, and click Add. You can add multiple time parameters.
   4. When you are finished adding parameters, click OK.

      The Dynamic Time Specification dialog closes, and the values you choose appear in the 'Dynamic End Time' area. If you use multiple parameters, they form a complete time statement, with each parameter referring to the first. For example, adding the 'Start of the Month,' and 'Day of the Week - Tuesday' values in the 'Dynamic End Time' area will end your query on the first Tuesday of the month.

      Note: When using the 'Number of' values, such as 'Number of days' or Number of hours' you must enter a negative number to set a time in the past. Using a positive number will set a future end time, and cause the query to continue sending results as long as at least one qualified event is in the log store.

      For example, adding the 'now,' and 'number of minutes -10' values to the 'Dynamic Start Time' area starts your query 10 minutes before the selected end time.

   5. Repeat step 2 in the 'Dynamic Start Time' area to set the beginning of the time period you want the query to search.

   If you do not enter a date range, the query is applied all events in the log store. If you enter an invalid date range, your query might not return any results.

5. Click the appropriate arrow to advance to the Query Design step you want to complete next, or click Save and Close.

   If you click Save and Close the new query appears in the Query List, otherwise the Query Design step you choose appears.

More information:

How to Set Result Conditions

Set Display and Group Conditions