name

Sequence display name

sequence_options

Syntax: [field = <field_name>][span = <int><timescale>] [maxpause = <int><timescale>]

• field: Timestamp field to sort the log records. If not specified, Time is used.
• span: Length of time to search for the matching log records
• maxpause: Maximum distance between two log records when performing match
• timescale: <sec> | <min> | <hour> | <day> | <week> | <mon>

  sec: Permitted values for this parameter include s, sec, secs, second, and seconds.

  min: Permitted values for this parameter include m, min, mins, minute, or minutes.

  hour: Permitted values for this parameter include h, hr, hrs, hour, and hours.

  week: Permitted values for this parameter include w, week, and weeks.

  month: Permitted values for this parameter include mon, month, and months.

match_rules

Syntax: <match_rule> [then <match_rule> ...] | between <match_rule> and <match_rule>

match_rule: <subquery> { <min_match> [,<max_match>] }

• subquery: Subquery to match the log records
• min_match: Minimum number of matches
• max_match: Maximum number of matches

output_fields

The fields to return in the result

Syntax: <field_name> [as <new_name>]