How does it work in the search window?
Select Create column field in the search window toolbar, then select the Daynumber operation.
If you add only the Timestamp argument, you get the day number in your current time zone. Optionally, add the Time zone argument to see the day of the month in a different time zone. When you assign a time zone different from yours, pay special attention to the original timestamp of the event, as the result may fall on a different day in the specified time zone.
Argument | Data type | Description
---|---|---
Timestamp (mandatory) | timestamp | You can either select a column field with that data type or enter it manually. If you enter it manually, note that this value should be a date: Year-Month-Day Hour:Minute:Second.Millisecond (yyyy-MM-dd HH:mm:ss.SSS) → You can skip seconds and milliseconds.
Time zone | string | You need a valid string format the app can recognize so it returns meaningful results. If you leave the field empty or enter a value the app cannot recognize, the default Time Zone is UTC. You can use one of the following methods:
The data type of the new column field values will be integer and the values shown will be 1-31.
Info |
---|
Be aware that summer timestamps are affected in time zones that set the clock forward during summer. For example, Europe/Madrid (CET, Central European Time), which is UTC+1, becomes UTC+2 during summertime, so timestamps in August are affected when using that time zone. Also be aware that summertime differs between the Northern and Southern Hemispheres. |
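
The day shift described above, as an added Python example that is not part of the original documentation and is not Devo code. It models only the two-argument form, including the UTC fallback for an empty or unrecognized time zone; the function names and the sample timestamps are constructed for illustration.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

# Constructed sample event times, all in UTC.
EVENTS = [
    "2023-01-15 22:30",
    "2023-01-15 23:30",
    "2023-08-15 21:30",
    "2023-08-15 22:30",
    "2023-08-15 23:30",
]


def parse_utc(text):
    """Parse 'yyyy-MM-dd HH:mm' as a UTC timestamp."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)


def daynumber(ts, tz_name=""):
    """Day of the month (1-31) of ts as seen in tz_name.

    An empty or unrecognized zone name falls back to UTC, mirroring the
    behaviour the page describes for the Time zone argument.
    """
    tz = timezone.utc
    if tz_name:
        try:
            tz = ZoneInfo(tz_name)
        except (ZoneInfoNotFoundError, ValueError, OSError):
            pass  # unrecognized zone: keep UTC
    return ts.astimezone(tz).day


def shifted_events(events, tz_name):
    """Return (event, utc_day, local_day) for events whose day differs from UTC."""
    rows = []
    for text in events:
        ts = parse_utc(text)
        utc_day, local_day = daynumber(ts), daynumber(ts, tz_name)
        if utc_day != local_day:
            rows.append((text, utc_day, local_day))
    return rows


if __name__ == "__main__":
    for row in shifted_events(EVENTS, "Europe/Madrid"):
        print("%s UTC -> day %d in UTC, day %d in Europe/Madrid" % row)
```

The 22:30 UTC event stays on day 15 in January (UTC+1) but moves to day 16 in August (UTC+2), so per-day counts built on this column can differ by season for the same time of day.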
Example
In the siem.logtrust.web.activity table, we want to create a column field that indicates the day of the month of the dates in our eventdate column field. To do it, we will create a new column field using the Daynumber operation.
The arguments needed to create the new column field are:
Timestamp - eventdate column field
...
Let's say we need to adapt the time zone to Central European. Click New Argument to specify a Time Zone.
Click the pencil icon and specify the time zone (CET or Central European Time) or any other.
Click Create column field and you will see the following result:
...
Use the operator select... as... and add the operation syntax to create the new column field. These are the valid formats for the Daynumber operation:
daynumber(timestamp) → Use this expression to get the day of the month corresponding to the given timestamps, according to your current time zone.
daynumber(timestamp, timezone_string) → Use this expression to get the day of the month corresponding to the given timestamps, according to the specified time zone.
Example
You can copy the following LINQ script and try the above example on the siem.logtrust.web.activity table.
Code Block |
---|
from siem.logtrust.web.activity select daynumber(eventdate, "CET") as eventdate_day_number |
...