Create variables for timestamp calculations
Problem / use case
You want to define intermediate values in your DataPrime query, like a parsed timestamp or a calculated time difference, so you can reuse or manipulate them later in the query. Use parseTimestamp and formatInterval.
Query
source logs
| filter @timestamp != null
| create parsed_time from parseTimestamp(@timestamp:string)
| create seconds_since_event from (now() - parsed_time).formatInterval('s')
Explanation
This query creates two variables:
parsed_time: a reusable timestamp field, created once and referenced later.seconds_since_event: a calculated interval using that variable, formatted for readability.
Using create this way improves clarity, avoids repeated expressions, and lets you chain logic step-by-step.
Output
{
"timestamp": "2025-05-26T13:59:57.32905204Z",
...,
"parsed_time": 1748267997329052200,
"seconds_since_event": "77174s615ms947us960ns"
}
Variations
Add a label for events that happened more than 5 minutes ago:
Output
{
"timestamp": "2025-05-26T13:59:57.32905204Z",
...,
"parsed_time": 1748267997329052200,
"seconds_since_event": "77174s615ms947us960ns",
"is_old_event": true, // will be true or false depending on how old the log is
"parsed_time": 1748249999747348700,
"seconds_since_event": "95373s327ms651us193ns",
}
Truncate or format the timestamp:
Output
{
"timestamp": "2025-05-26T13:59:57.32905204Z",
...,
"parsed_time": 1748267997329052200,
"seconds_since_event": "77174s615ms947us960ns",
"is_old_event": true,
"parsed_time": 1748249999747348700,
"readable_time": "08:59:59",
"seconds_since_event": "95373s327ms651us193ns",
}
TL;DR
Use create <name> from <expression> to define reusable variables in your query. This keeps complex logic readable and avoids repeating expressions like parseTimestamp(@timestamp).
Previous 
Parsing date strings
Parsing date strings Next Convert a timestamp
Theme 
Light
light
dark
Light light dark
User Guides
DataPrime
Integrations
OpenTelemetry
Developer Portal