extract_time
Cortex XDR XQL extract_time() function returns a specified portion of a timestamp.
Synopsis
extract_time (<timestamp>, <part>)
Description
The extract_time() function returns a specified part of a timestamp. The part parameter must be one of the following keywords:
- DAYOFYEAR
- DAY
- DAYOFWEEK
- HOUR
- MINUTE
- SECOND
- MILLISECOND
- MICROSECOND
For example:
dataset = xdr_data | alter timepart = extract_time(current_time(), "HOUR") | fields timepart | limit 1