Gets the hour (24-hour clock) of a timestamp field.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
as | string | optional[a] | _hour | The name of the output field. |
field[b] | string | optional[a] | @timestamp | The name of the input field. |
timezone | string | optional[a] | The time offset to use, for example, -01:00. If not specified, the query's offset will be used. | |
timezoneField | string | optional[a] | @timezone | The name of the field containing the timezone to use, if not specified the query's timezone will be used. This is ignored if the timezone parameter is passed as well. If this is not defined the timezone offset of the query will be used. |
[a] Optional parameters use their default value unless explicitly set. | ||||
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
fieldcan be omitted; the following forms of this function are equivalent:logscale Syntaxtime:hour("value")and:
logscale Syntaxtime:hour(field="value")These examples show basic structure only.
time:hour() Examples
Click next to an example below to get the full details.
Extract Hour From Timestamp
Get the hour from a timestamp using the
time:hour() function
Query
time:hour(timestamp, as=hour)Introduction
In this example, the time:hour() function is used
to extract the hour from a specific timestamp 2025-08-27
08:51:51.000, demonstrating how to get the hour value from a
datetime.
Step-by-Step
Starting with the source repository events.
- logscale
time:hour(timestamp, as=hour)Extracts the hour from the @timestamp field and returns the result in a new field named hour. If the
asparameter is not specified, the result is returned in a field named _hour as default. Event Result set.
Summary and Results
The query is used to extract the hour from a timestamp, which is useful for analyzing event patterns throughout the day.
This query is useful, for example, to analyze hourly patterns, identify peak activity hours, or group events by time of day.
Sample output from the incoming example data:
| @timestamp | hour |
|---|---|
| 2025-08-27 08:51:51.000 | 8 |
The result shows how the time:hour() function
extracts the hour (in this case 8) from the
timestamp, indicating it is 8 AM in 24-hour format.
For visualizing this data, consider using a Bar Chart widget to show
event distribution across hours, or a Heat Map widget to display
activity patterns throughout the day. The
time:hour() function is often used with other time
functions like time:minute() and
time:second() for complete time analysis.
Hourly Data Events
Summarize events by providing a count of the number of data events
per hour using the time:hour() function
Query
hr := time:hour(field="@ingesttimestamp")
|groupBy(hr)Introduction
In this example, the time:hour() function is used
with groupBy() to average the count of data events
per hour.
Step-by-Step
Starting with the source repository events.
- logscale
hr := time:hour(field="@ingesttimestamp")Gets the hour (24-hour clock) of the values in the @ingesttimestamp and returns the results in a new field named
hr. - logscale
|groupBy(hr)Groups the returned results by hr field and provides a count of the number of data events per hour in a _count field.
Event Result set.
Summary and Results
The query is used to average the count of data events per hour. The results can be plotted onto a bar chart.