now Search Operator
now returns the current epoch time in milliseconds. It can be used with the formatDate operator to get the formatted current time.
It is important to note that the Now operator outputs the exact time (down to the millisecond) each and every time it is executed. This means that if you use now with every message in a search, it will return slightly different results in every message, as messages are not all processed by your search at once.
Return the current date
This query returns a long version of the current date and time in milliseconds.
* | now() as current_date
Which returns results similar to:
Return the current date using formatDate
Use the following query with formatDate to return results for the current date formatted as YYYY-MM-dd.
* | formatDate(now(), "YYYY-MM-dd") as today
This returns the following results.
For more examples, see formatDate operator.