Splunk AppDynamics
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Date functions

CommunityUser
Splunk Employee
Splunk Employee
‎07-31-2018 12:47 AM

Hello,

I want to use date functions in search in order to :

- filter certain hours (for exemple between 12AM and 2 PM)

- filter days of the week (for exemple monday)

how can I extract part of timestamp to do this ?

I can't use the Custom Time Range cause I want a large periode (a month).

Thank you for your response

Marie-Laure

Labels (1)
Labels
0 Karma
Reply

Chitra_Lal
Contributor
‎07-31-2018 09:41 AM

Hi Marie-Laure,

We don't have a date function in ADQL, instead we use the UNIX timestamps. However with Custom Time Range option available on the dashboards too you should be able to see 1 month time range data without any issues(provided that you have data retention of last 1 month or greater so that the data exists at the backend and isn't rolled over). Could you please let us know what issue you are facing trying to use custom time ranges so that we may try to see if there is a possible solution.

In any case if that doesn't work for you, you may try using the ADQL query with UNIX eventtimestamp range and get 1 month data. So assuming you have data retention for the required time period, you can run an ADQL query like below:

SELECT series(eventTimestamp, '30d', 1530403200, 1533054268), distinctcount(sessionguid) FROM web_session_records WHERE appkey = "AD-AAB-AAF-XCP" LIMIT 500

 This should show you results for 1 month range as passed in your query.image.png

Please note that these time stamps are in UNIX (Epoch timestamp), so you'll need to use appropriate conversion for whatever range you want.

Note2: You can limit your searches for better pagination if larger sets of data if needed to be queried. In this example I am using a LIMIT of 500, so it will list only first 500 records out of all that is fetched. Please refer to the below doc link for better understanding how LIMIT caluse can be used:

https://docs.appdynamics.com/display/PRO44/LIMIT+Clause

Hope this helps. Do let me know in case you have queries.

Thank You

Chitra

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...