hello @ITWhisperer 

one more thing when it is 07/19/2022 12:16:48.303 it should round to 07/19/2022 12:20:00.000
and when it is  07/19/2022  00:30:48.303 it should round to 00:40:00.000

i tried this way
|eval file_time=strptime(filetime,"%m/%d/%Y %H:%M:%S.%Q")
| eval time=relative_time(file_time,"+10m@m")
|eval fileTime=strftime(time,"%m/%d/%Y %H:%M:%S.%Q")
| table filetime file_time time fileTime

but i got
07/18/2022 22:40:32.795 ->07/18/2022 22:50:00.000
07/18/2022 22:44:37.611 -> 07/18/2022 22:54:00.000 here it should round to 07/18/2022 22:50:00.000

Perhaps that's because you didn't do exactly as I suggested?

@ITWhisperer  I just copy the same  you gave  and change the field name that's it.
yes the field is in string format so i converted it to date format yet 10@10m  isn't working

@ITWhisperer 

Thanks for the help.it works fine

Can I know what is 600 we are taking

There are 600 seconds in 10 minutes - the bin takes the time back to the start of the 10 minute bucket; you wanted the end of the bucket, hence the additional 600 seconds

Hello @ITWhisperer 

not giving any results

Is filetime a string?