Solved: help for retrieving events during the week only

jip31 · ‎02-09-2021

hi

I use this search in order to retrieve events between 9h and 17h

Now I also want to catch the events only between the monday and the friday

How to do this please?

`CPU` 
| bin _time span=5h
| eval slottime = strftime(_time, "%H%M") 
| where (slottime >= 900 AND slottime <= 1700)

ITWhisperer · ‎02-09-2021

The w needs to be lower case

View solution in original post

ITWhisperer · ‎02-09-2021

strftime with %w then where value between 1 and 5 inclusive

jip31 · ‎02-09-2021

like this??

`CPU` 
| bin _time span=5h 
| eval slottime = strftime(_time, "%H%M") 
| eval week =strftime(_time, "%W") 
| where (slottime >= 900 AND slottime <= 1700) AND (week >=1 AND week <=5)

ITWhisperer · ‎02-09-2021

The w needs to be lower case

View solution in original post

help for retrieving events during the week only

other

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >

help for retrieving events during the week only

other

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >