kql azure-log-analytics

Kusto: How to filter Logs in a certain time period?


I want to filter SignIn-Logs with Kusto whose timestamps are only between 6pm and 6am.

Something like this:

    SignInLogs
    | where TimeGenerated between(dateStart .. dateEnd)

All examples I have found are always based on a full timestamp with exact date, like (2014-05-25T08:20:03.123456Z). But I am only interested in the time.

Any idea how to solve this?


Solution

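  • Kusto: How to filter Logs in a certain time period?

    Try the below query

    // The Azure AD sign-in table is named SigninLogs (table names are case-sensitive)
    SigninLogs
    | where TimeGenerated > ago(1d)
    // datetime_part("hour", ...) returns 0-23; TimeGenerated is stored in UTC
    | extend hour = datetime_part("hour", TimeGenerated)
    // between is inclusive on both ends: drop 06:00-17:59 to keep 18:00-05:59
    | where hour !between (6 .. 17)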
    

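The same time-of-day filter as an added example (not part of the original answer), generalised to a window that may wrap past midnight and evaluated in a local time zone instead of UTC. The `datatable` rows are constructed sample data, and `windowStart`, `windowEnd`, `tz` and `SampleSignIns` are assumed names; replace `SampleSignIns` with `SigninLogs` in a real workspace.

```kql
// Added example: off-hours sign-in filter with constructed sample rows.
let windowStart = 18;        // first hour inside the window (6pm), assumed parameter
let windowEnd   = 6;         // first hour outside the window (6am), assumed parameter
let tz = "Europe/Berlin";    // assumed analyst time zone (UTC+1 on the sample dates)
let SampleSignIns = datatable(TimeGenerated: datetime, UserPrincipalName: string)
[
    // Constructed UTC timestamps chosen to sit on the window boundaries
    datetime(2024-01-15 16:59:59), "alice@example.com",  // 17:59:59 local
    datetime(2024-01-15 17:00:00), "bob@example.com",    // 18:00:00 local
    datetime(2024-01-15 23:30:00), "carol@example.com",  // 00:30:00 local, next day
    datetime(2024-01-16 04:59:59), "dave@example.com",   // 05:59:59 local
    datetime(2024-01-16 05:00:00), "erin@example.com",   // 06:00:00 local
    datetime(2024-01-16 11:00:00), "frank@example.com"   // 12:00:00 local
];
SampleSignIns
// TimeGenerated is stored in UTC; convert before taking the hour
| extend LocalTime = datetime_utc_to_local(TimeGenerated, tz)
| extend LocalHour = hourofday(LocalTime)
// Same-day window: start <= hour < end.
// Wrapping window (start > end): hour >= start OR hour < end.
| where (windowStart <= windowEnd and LocalHour >= windowStart and LocalHour < windowEnd)
     or (windowStart >  windowEnd and (LocalHour >= windowStart or LocalHour < windowEnd))
| project TimeGenerated, LocalTime, LocalHour, UserPrincipalName
| order by TimeGenerated asc
```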