kqlazure-log-analytics
Kusto: How to filter Logs in a certain time period?
I want to filter SignIn-Logs with Kusto whose timestamps are only between 6pm and 6am.
Something like that
SignInLogs
| where TimeGenerated between(dateStart .. dateEnd)
All examples I have found are always based on a full timestamp with exact date, like (2014-05-25T08:20:03.123456Z). But I am only interested in the time.
Any idea how to solve this?
Solution
Kusto: How to filter Logs in a certian time period?
- between operator - Filters a record set for data that falls within an inclusive range of values.
- between is used to allow a certain range, but you can also use !between to exclude a time range.
- Here Iam excluding from 6 am to 6 pm , so it gives the left over time range i.e.. from 6pm to 6 am
Try the below query
SignInLogs
| where TimeGenerated > ago(1d)
| extend hour = datetime_part("hour", TimeGenerated)
| where hour !between (6 .. 18)
- How can I close over variables in kdb/Q?
- When is the EACH operator extension necessary in K besides mod/rotate?
- Handling single-character strings - in a function or in its caller? ssr()
- Kdb+ data fomat when writing to a file
- How to convert a symbol to a string in kdb+?
- Sum of each two elements using vector functions
- A dictionary with a single value and multiple keys
- Table transformation, table as list of dicts
- Accumulator gives different result then direct function applying
- Reshape [cols;table]
- FK field over IPC
- Protected execution, 2 cases
- Enums for tables
- Converge (fixed point) syntax difference in q and k
- .Q.trp and bt handling
- NULLs in q and in k.h
- Strange view declaration behaviour
- How to build a parse-tree of projections?
- Could not evaluate manually created equial ~ parse tree
- Select distinct for all columns from keyed table
- Parallel execution: blocking receive, deferred synchronous
- Multiple variable assignment in q
- Select a table from the inside of external select
- Select when one of filter-column may not exists
- What is the meaning of `s attribute on a table?
- On parallel execution - which side reports about an error?
- Validate if a keyed table have unique keys
- Applying dictionary to dictionary
- About xkey implementation
- Parse tree built on values from vars