Gets the hour (24-hour clock) of a timestamp field.

ParameterTypeRequiredDefault ValueDescription
asstringoptional[a]_hour The name of the output field.
field[b]stringoptional[a]@timestamp The name of the input field.
timezonestringoptional[a]  The time offset to use, for example, -01:00. If not specified, the query's offset will be used.
timezoneFieldstringoptional[a]@timezone The name of the field containing the timezone to use, if not specified the query's timezone will be used. This is ignored if the timezone parameter is passed as well. If this is not defined the timezone offset of the query will be used.

[a] Optional parameters use their default value unless explicitly set.

[b] The argument name field can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

time:hour() Examples

Hourly Data Events

Query
logscale
hr := time:hour(field="@ingesttimestamp")
|groupBy(hr)
Introduction

The time:hour() function can be used to get the 24-hour clock of a given timestamp field. In this example, the time:hour() function is used with groupBy() to average the count of data events per hour.

Step-by-Step
  1. Starting with the source repository events.

  2. logscale
    hr := time:hour(field="@ingesttimestamp")

    Gets the hour (24-hour clock) of the values in the @ingesttimestamp and returns the results in a new field named hr.

  3. logscale
    |groupBy(hr)

    Groups the returned results by hr field and provides a count of the number of data events per hour in a _count field.

  4. Event Result set.

Summary and Results

The query is used to average the count of data events per hour. The results can be plotted onto a bar chart.