i am not getting any events

How about this (the last where clause)

|  where tonumber(strftime(desired_times,"%H"))=8 OR tonumber(strftime(desired_times,"%H"))=12 OR tonumber(strftime(desired_times,"%H"))=18

still no results found

Strange. What is your full query? You're getting events before the where clause?

Try this as well

your base search | some regex | eval hour=tonumber(strftime(_time,"%H")) | where hour>=8 AND hour<=18

Its working now.But remaining all fields are also coming with no data.I want to display only my required fields in the statistics table

Add a table command after the where clause.

...| table list of fields that you want to show

yes am getting the results with all hours of data.
my search query is
base search
|rex ".?(?[^,]+),\s?(?[^,]+),\s*?(?[^,]+),\s*?(?[^,]+),\s*?(?\d+),\s*?(?\d+),\s*?(?\d+),\s*?(?\d+),\s*?(?\d+)"
|bin _time as desired_times span=4h | where tonumber(strftime(desired_times,"%H"))=8 OR tonumber(strftime(desired_times,"%H"))=12 OR tonumber(strftime(desired_times,"%H"))=18|table _time,server,DISK
| timechart limit=0 max(DISK) as DISK by server

i included your suggession thats not giving any results

NO i want only 8AM,12PM,18PM data.
my search looks like this
your base search
| rex "(AM|PM)\s+(?[^,]+),\s+?(?[^,]+),\s+?(?[^,]+),\s+?(?[^,]+),\s+?(?\d+),\s+?(?\d+),\s+?(?\d+)"
| bin _time as desired_times span=4h
| where _time = desired_times
| table _time SERV NODE CPU MEM DISK

now i want only 8AM,12PM,18PM data?

Your code is getting escaped please post with Code button (101010). date_hour should still work... Following in the base search should give you event only from specific hours

 < Your base search > (date_hour=08 OR date_hour=12  OR date_hour=18

its giving me the results but in table statistics all hours are displaying without data,
I want to display only those 3 hrs in table statistics