Splunk AppDynamics
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Date functions

CommunityUser
Splunk Employee
Splunk Employee
‎07-31-2018 12:47 AM

Hello,

I want to use date functions in search in order to :

- filter certain hours (for exemple between 12AM and 2 PM)

- filter days of the week (for exemple monday)

how can I extract part of timestamp to do this ?

I can't use the Custom Time Range cause I want a large periode (a month).

Thank you for your response

Marie-Laure

Labels (1)
Labels
0 Karma
Reply

Chitra_Lal
Contributor
‎07-31-2018 09:41 AM

Hi Marie-Laure,

We don't have a date function in ADQL, instead we use the UNIX timestamps. However with Custom Time Range option available on the dashboards too you should be able to see 1 month time range data without any issues(provided that you have data retention of last 1 month or greater so that the data exists at the backend and isn't rolled over). Could you please let us know what issue you are facing trying to use custom time ranges so that we may try to see if there is a possible solution.

In any case if that doesn't work for you, you may try using the ADQL query with UNIX eventtimestamp range and get 1 month data. So assuming you have data retention for the required time period, you can run an ADQL query like below:

SELECT series(eventTimestamp, '30d', 1530403200, 1533054268), distinctcount(sessionguid) FROM web_session_records WHERE appkey = "AD-AAB-AAF-XCP" LIMIT 500

 This should show you results for 1 month range as passed in your query.image.png

Please note that these time stamps are in UNIX (Epoch timestamp), so you'll need to use appropriate conversion for whatever range you want.

Note2: You can limit your searches for better pagination if larger sets of data if needed to be queried. In this example I am using a LIMIT of 500, so it will list only first 500 records out of all that is fetched. Please refer to the below doc link for better understanding how LIMIT caluse can be used:

https://docs.appdynamics.com/display/PRO44/LIMIT+Clause

Hope this helps. Do let me know in case you have queries.

Thank You

Chitra

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Maximizing the Value of Splunk ES 8.x

Splunk Enterprise Security (ES) continues to be a leader in the Gartner Magic Quadrant, reflecting its pivotal ...