LogInsight event alert time range based on timestamps from alert mails.
Log Insight just found the following 7 events matching the criteria for alert "ESX/ESXi: Cannot power on a VM":
[2016-02-27 12:00:58.737+0000] [ScheduledQueryServiceThread/192.168.4.51 INFO] [com.vmware.loginsight.piql0.parser.PIQLParser] [Parsed legacy PIQL0 query: SELECT COUNT(item0) FROM ((timestamp>=1411786576066 & timestamp<=1411786876065) & text:"vmware esx cannot find the virtual disk") AS item0 GROUP BY item0.timestamp/5000.000000, item0.hostname ORDER BY item0.timestamp DESC, COUNT(item0) DESC LIMIT 1, 100]
[2016-02-27 12:00:58.737+0000] [ScheduledQueryServiceThread/192.168.4.51 INFO] [com.vmware.loginsight.piql0.parser.PIQLParser] [Parsed legacy PIQL0 query: SELECT item0 FROM ((timestamp>=1411786576066 & timestamp<=1411786876065) & text:"vmware esx cannot find the virtual disk") AS item0 ORDER BY item0.timestamp DESC]
[2016-02-27 12:00:58.737+0000] [ScheduledQueryServiceThread/192.168.4.51 INFO] [com.vmware.loginsight.piql0.parser.PIQLParser] [Parsed legacy PIQL0 query: SELECT COUNT(item0) FROM ((timestamp>=1411786576066 & timestamp<=1411786876065) & text:"vmware esx cannot find the virtual disk") AS item0 GROUP BY item0.timestamp/5000.000000, item0.hostname ORDER BY item0.timestamp DESC, COUNT(item0) DESC LIMIT 1, 100]
Example ....
1411786876065-1411786576066
$sec=1411786876065-1411786576066;
print $sec;
299999 seconds
$h = 299999/3600
print $h;
83.3330555555556 hours
$days=83.3330555555556/24;
print $days;
3.47221064814815 days
Log Insight just found the following 7 events matching the criteria for alert "ESX/ESXi: Cannot power on a VM":
[2016-02-27 12:00:58.737+0000] [ScheduledQueryServiceThread/1
[2016-02-27 12:00:58.737+0000] [ScheduledQueryServiceThread/1
[2016-02-27 12:00:58.737+0000] [ScheduledQueryServiceThread/1
Example ....
1411786876065-1411786576066
$sec=1411786876065-1411786576066;
print $sec;
299999 seconds
$h = 299999/3600
print $h;
83.3330555555556 hours
$days=83.3330555555556/24;
print $days;
3.47221064814815 days
