Document toolboxDocument toolbox

Midnight (midnight)

Owned by Borja Moro Moreno
Last updated: May 16, 2023
4 min read
[ 1 Description ] [ 2 How does it work in the search window? ] [ 3 How does it work in LINQ? ]

Description

Returns the timestamp of the start of the day, corresponding to a given timezone. Optionally, you can check it in a time zone different than yours.

How does it work in the search window?

Select Create field in the search window toolbar, then select the Midnight operation.

If you add the Timestamp argument, you will get the hours considering your current timezone. Optionally, you can add the Time zone argument to see the hours in the specified time zone.

Argument

Data type

Description

Argument

Data type

Description

Date mandatory

timestamp

You can either select a field with that data type or introduce it manually.

In case you want to introduce it, note that this value should be a date: Year-Month_Day Hour:Minute:Second.Millisecond (yyyy-MM-dd HH:mm:ss.SSS) → You can skip seconds and milliseconds.

Time zone

string

You need a valid string format the app can recognize so it returns meaningful results. If you leave the field empty or introduce a value the app cannot recognize, the default Time Zone is UTC. You can use one of the following methods:

  1. A time zone code→ UTC, PST, CST, etc. Check the full list here.

  2. The time zone database name → America/Los_Angeles, Europe/Amsterdam, Asia/Tokyo, etc. For the full list, see here.

  3. The full name of the time zone →  Universal Time Coordinated, Pacific Standard Time, Central Standard Time, etc. Check the full list here.

  4. The name of the region as it appears in Devo → Asia/Shanghai, Europe/Athens, America/New York, etc. You can check the time zone codes and region names in the Configure Timezone window in Devo.

Be aware that some of the codes coincide, as CST could mean Central Standard Time or China Standard Time. In that case, it would be advisable to avoid using codes and introduce any of the other formats mentioned.

The data type of the new field values will be timestamp.

Be aware that timestamps taking place during summer will be affected in the time zones in which they set the clock forward during summer. For example, Europe/Madrid (CET-Central European Time), which is UTC+1, becomes UTC+2 during summertime and thus timestamps in August will be affected when using that time zone. Be also aware that summertime differs between the Northern and Southern Hemispheres.

Example

In the siem.logtrust.web.activity table, we want to create a field showing the start of the day of the dates in our eventdate field. To do it, we will create a new field using the Midnight operation.

The arguments needed to create the new field are:

  • Timestamp - eventdate field

Click Create field and you will see the following result:

Let's say we are in European time and want to create a field in the siem.logtrust.web.activity table to show Los Angeles midnight. To do it, we will create a new field using the Midnight operation.

The arguments needed to create the new field are:

  • Timestamp - eventdate field

  • Time Zone - America/Los_Angeles

Click Create field and you will see the following result:

  • The field shows 9:00 because at 9:00 European time it will turn midnight LA time.

How does it work in LINQ?

Use the operator select... as...  and add the operation syntax to create the new field. These are the valid formats for the Midnight operation:

  • midnight() → Use this expression to get the representation of midnight.

  • midnight(timestamp)  → Use this expression to get midnight of the given timestamps, according to your current time zone.

  • midnight(timestamp, timezone_string)  →  Use this expression to get midnight of the given timestamps, according to the specified time zone.

Example

You can copy the following LINQ script and try the previous examples on the siem.logtrust.web.activity table.

from siem.logtrust.web.activity select midnight(eventdate) as Midnight, midnight(eventdate, "America/Los_Angeles") as `Midnight America`

Â