Splunk AppDynamics
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Date functions

CommunityUser
Splunk Employee
Splunk Employee
‎07-31-2018 12:47 AM

Hello,

I want to use date functions in search in order to :

- filter certain hours (for exemple between 12AM and 2 PM)

- filter days of the week (for exemple monday)

how can I extract part of timestamp to do this ?

I can't use the Custom Time Range cause I want a large periode (a month).

Thank you for your response

Marie-Laure

Labels (1)
Labels
0 Karma
Reply

Chitra_Lal
Contributor
‎07-31-2018 09:41 AM

Hi Marie-Laure,

We don't have a date function in ADQL, instead we use the UNIX timestamps. However with Custom Time Range option available on the dashboards too you should be able to see 1 month time range data without any issues(provided that you have data retention of last 1 month or greater so that the data exists at the backend and isn't rolled over). Could you please let us know what issue you are facing trying to use custom time ranges so that we may try to see if there is a possible solution.

In any case if that doesn't work for you, you may try using the ADQL query with UNIX eventtimestamp range and get 1 month data. So assuming you have data retention for the required time period, you can run an ADQL query like below:

SELECT series(eventTimestamp, '30d', 1530403200, 1533054268), distinctcount(sessionguid) FROM web_session_records WHERE appkey = "AD-AAB-AAF-XCP" LIMIT 500

 This should show you results for 1 month range as passed in your query.image.png

Please note that these time stamps are in UNIX (Epoch timestamp), so you'll need to use appropriate conversion for whatever range you want.

Note2: You can limit your searches for better pagination if larger sets of data if needed to be queried. In this example I am using a LIMIT of 500, so it will list only first 500 records out of all that is fetched. Please refer to the below doc link for better understanding how LIMIT caluse can be used:

https://docs.appdynamics.com/display/PRO44/LIMIT+Clause

Hope this helps. Do let me know in case you have queries.

Thank You

Chitra

0 Karma
Reply
Get Updates on the Splunk Community!

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

This month, we’re delivering several platform, infrastructure, application and digital experience monitoring ...