Minute (minute)
- Juan Tomás Alonso Nieto (Deactivated)
- Borja Moro Moreno
- Former user (Deleted)
Description
Returns the duration representation of 1 minute, or the minutes corresponding to a given timestamp. Optionally, you can check it in a time zone different than yours.
How does it work in the search window?
Select Create field in the search window toolbar, then select the Minute operation.
This operation can be applied with no arguments. In this case, you will get the duration representation of 1 minute (duration data type, 1m).
If you add the Timestamp argument, you will get the minutes considering your current timezone. Optionally, you can specify a different time zone adding the Time zone argument to see the minutes in that time zone (there are time zones with half hours).
Argument | Data type | Description |
|---|---|---|
Timestamp mandatory | timestamp | You can either select a field with that data type or introduce it manually. In case you want to introduce it, note that this value should be a date: Year-Month_Day Hour:Minute:Second.Millisecond (yyyy-MM-dd HH:mm:ss.SSS) → You can skip seconds and milliseconds. |
Time zone | string | You need a valid string format the app can recognize so it returns meaningful results. If you leave the field empty or introduce a value the app cannot recognize, the default Time Zone is UTC. You can use one of the following methods:
Be aware that some of the codes coincide, as CST could mean Central Standard Time or China Standard Time. In that case, it would be advisable to avoid using codes and introduce any of the other formats mentioned. |
The data type of the new field values will be integer and the values shown will be 0-59.
Be aware that timestamps taking place during summer will be affected in the time zones in which they set the clock forward during summer. For example, Europe/Madrid (CET-Central European Time), which is UTC+1, becomes UTC+2 during summertime and thus timestamps in August will be affected when using that time zone. Be also aware that summertime differs between the Northern and Southern Hemispheres.
Example
In the siem.logtrust.web.activity table, we want to create a field showing the minutes of the dates in our eventdate field. To do it, we will create a new field using the Minute operation.
The arguments needed to create the new field are:
Timestamp - eventdate field
Click Create field and you will see the following result:
The field shows 39 and 40 in the events that took place in those minutes, regardless of the seconds and milliseconds, which corresponds to the minutes shown in the eventdate field.
Now we want to create a field in the siem.logtrust.web.activity table to show in the Indian/Cocos time (UTC+6:30) the minutes of the dates in our eventdate field. To do it, we will create a new field using the Minute operation.
The arguments needed to create the new field are:
Timestamp - eventdate field
Time Zone - Indian/Cocos
Click Create field and you will see the following result:
The field shows 9 and 10 instead of 39 and 40 because in that time zone they are six hours and half ahead.
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new field. These are the valid formats for the Minute operation:
minute()→ Use this expression to get the representation of one minute in duration data type (1m).minute(timestamp) → Use this expression to get the minutes of the given timestamps, according to your current time zone.minute(timestamp, timezone_string) →  Use this expression to get the minutes of the given timestamps, according to the specified time zone.
Example
You can copy the following LINQ script and try the previous examples on the siem.logtrust.web.activity table.
from siem.logtrust.web.activity
select minute(eventdate) as eventdate_minutefrom siem.logtrust.web.activity
select minute(eventdate, "Indian/Cocos") as eventdate_minute_Indian