1. Home
    2. Cortex
    3. Cortex XDR
    4. Cortex XDR™ XQL Language Reference
    5. XQL Functions Reference
    6. extract_time

    extract_time

    Cortex XDR XQL extract_time() function returns a specified portion of a timestamp.

    Synopsis

    extract_time (<
    timestamp
    >, <
    part
    >)

    Description

    The
    extract_time()
     function returns a specified part of a timestamp. The
    part
     parameter must be one of the following keywords:
    • DAYOFYEAR
    • DAY
    • DAYOFWEEK
    • HOUR
    • MINUTE
    • SECOND
    • MILLISECOND
    • MICROSECOND
    For example: 
    dataset = xdr_data 
| alter timepart = extract_time(current_time(), "HOUR") 
| fields timepart 
| limit 1

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo