ago()
Subtracts the given timespan from the current UTC time.
Like now(), if you use ago() multiple times in a single query statement, the current UTC time
being referenced is the same across all uses.
Syntax
ago(timespan)
Learn more about syntax conventions.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| timespan | timespan |
✔️ | The interval to subtract from the current UTC clock time now(). For a full list of possible timespan values, see timespan literals. |
Returns
A datetime value equal to the current time minus the timespan.
Example
All rows with a timestamp in the past hour:
T | where Timestamp > ago(1h)
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for