Home > Back-end >  Kusto query to exclude results from a certain time (Ex. Thursday from midnight-2am EST)
Kusto query to exclude results from a certain time (Ex. Thursday from midnight-2am EST)

Time:01-20

I am newer to KQL and I am trying to write a query against configuration changes made to files with an extension of ".config" and would like to remove results that are generated under the "TimeGenerated [UTC]" column. The results should exclude Thursday's from midnight- 2am EST. Would someone be able to assist me in writing this? Not sure how to write it up as to have it return the results that exclude the specific time frame. Below is what I have so far:

ConfigurationChange
| where ConfigChangeType in("Files")
| where FileSystemPath contains ".config"
| sort by TimeGenerated
| render table

CodePudding user response:

Try adding the following filter, using dayofweek() and hourofday().

Note: The example below works in UTC. You can add the current offset of UTC -> EST to TimeGenerated as part of the filter

ConfigurationChange
| where dayofweek(TimeGenerated) != 6d and hourofday(TimeGenerated) !in(0, 1) // <---
| where ConfigChangeType in ("Files")
| where FileSystemPath contains ".config"
| sort by TimeGenerated
| render table

Page link:https//www.codepudding.com/Backend/269971.html

Prev:Timestamp to relative time; Eg: 45 minutes and 3 seconds ago
Next:Trying to convert influxdb timestamp in a csv to date and time columns
  •  Tags:  
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding