Creates time buckets of a specified length for the given table. Each event is assigned to a time bucket based on its start and end time. The start time of the bucket is saved in lhub_start_ts and the end time of the bucket is saved in lhub_end_ts for each event.
Operator Usage in Easy Mode
Click + on the parent node.
Enter the Time Bucket operator in the search field and select the operator from the Results to open the operator form.
In the Table drop-down, enter or select a table to apply the operator.
In the Bucket Def field, enter an integer along with a time unit that defines a time bucket.
Click Run to view the result.
Click Save to add the operator to the playbook.
Click Cancel to discard the operator form.
Usage Details
LQL Command
timeBucket(table, bucketDef)
...
Output
The input table with lhub_start_ts and lhub_end_ts columns added.
Example
Input
table
lhub_ts |
---|
11/30/2017 23:35:29 |
11/30/2017 23:35:44 |
11/30/2017 23:35:54 |
...
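The bucketing described above, sketched in Python as an added illustration; it is not LogicHub's implementation or the operator's documented output. Assumptions: the bucket definition is written like "30s" or "5 m" (hypothetical syntax), timestamps are UTC, buckets are aligned to the Unix epoch, and each bucket is the half-open interval [start, end).

```python
# Added illustration of fixed-length time bucketing; not LogicHub's code.
import re
from datetime import datetime, timezone

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # assumed unit spellings
TS_FORMAT = "%m/%d/%Y %H:%M:%S"  # format of lhub_ts in the page's input table


def parse_bucket_def(bucket_def):
    """Parse an integer plus a time unit, e.g. '30s' or '5 m' (assumed syntax)."""
    m = re.fullmatch(r"\s*(\d+)\s*([smhd])\s*", bucket_def)
    if not m or int(m.group(1)) == 0:
        raise ValueError(f"invalid bucket definition: {bucket_def!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]


def time_bucket(rows, bucket_def):
    """Return copies of rows with lhub_start_ts and lhub_end_ts added.

    Assumed semantics: UTC timestamps, epoch-aligned buckets, [start, end).
    """
    width = parse_bucket_def(bucket_def)
    out = []
    for row in rows:
        ts = datetime.strptime(row["lhub_ts"], TS_FORMAT).replace(tzinfo=timezone.utc)
        epoch = int(ts.timestamp())
        start = epoch - (epoch % width)  # floor to the bucket boundary
        out.append({
            **row,
            "lhub_start_ts": datetime.fromtimestamp(start, timezone.utc).strftime(TS_FORMAT),
            "lhub_end_ts": datetime.fromtimestamp(start + width, timezone.utc).strftime(TS_FORMAT),
        })
    return out


# The three lhub_ts values from the page's input table.
EVENTS = [
    {"lhub_ts": "11/30/2017 23:35:29"},
    {"lhub_ts": "11/30/2017 23:35:44"},
    {"lhub_ts": "11/30/2017 23:35:54"},
]

if __name__ == "__main__":
    for bucketed in time_bucket(EVENTS, "30s"):
        print(bucketed)
```

Events that share the same lhub_start_ts fall in the same bucket, so grouping on that column gives per-window event counts.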