Gill-Bates
Reputation: 679
Kusto: How to filter Logs in a certain time period?
I want to filter SignIn-Logs with Kusto whose timestamps are only between 6pm and 6am.
Something like that
SignInLogs
| where TimeGenerated between(dateStart .. dateEnd)
All examples I have found are always based on a full timestamp with exact date, like (2014-05-25T08:20:03.123456Z). But I am only interested in the time.
Any idea how to solve this?
Upvotes: 1
Views: 10043
Answers (1)
Harshitha Veeramalla
Reputation: 1753
Kusto: How to filter Logs in a certian time period?
- between operator - Filters a record set for data that falls within an inclusive range of values.
- between is used to allow a certain range, but you can also use !between to exclude a time range.
- Here Iam excluding from 6 am to 6 pm , so it gives the left over time range i.e.. from 6pm to 6 am
Try the below query
SignInLogs
| where TimeGenerated > ago(1d)
| extend hour = datetime_part("hour", TimeGenerated)
| where hour !between (6 .. 18)
Upvotes: 5
Related Questions
- Azure Log Analytics - How to view logs from last x days but only between certain hours?
- How to write a Kusto query to get previous month logs in sentinel?
- Kusto query language - How to get exactly logs from previous day 7
- How better I can optimize this Kusto Query to get my logs
- Kusto query to get percentage value of events over time
- Start and End Times by OperationName in Kusto?
- Determine duration of events in Kusto?
- How to efficiently filter Azure (kusto) container logs
- How do I write a Kusto query that uses a regex to filter on a where clause
- Azure Log analytics to query based on dates