ago()ago()
从当前 UTC 时钟时间减去给定时间跨度。Subtracts the given timespan from the current UTC clock time.
ago(1h)
ago(1d)
与 now() 类似,此函数可在语句中多次使用,并且所有实例化引用的 UTC 时钟时间均相同。Like now(), this function can be used multiple times in a statement and the UTC clock time being referenced will be the same for all instantiations.
语法Syntax
ago(a_timespan)ago(a_timespan)
参数Arguments
- a_timespan:要从当前 UTC 时钟时间 (
now()) 减去的间隔。a_timespan : Interval to subtract from the current UTC clock time (now()).
返回Returns
now() - a_timespan
示例Example
过去一小时内具有时间戳的所有行:All rows with a timestamp in the past hour:
T | where Timestamp > ago(1h)