Datetime syntax seems valid, but causes a syntax error
I'm trying to query my customlogs table (Eg: CustomData_CL) by giving the time range. The result of this query will be the filtered time ranged data. I want to find out the data size of the resulted output.
Query which I have used to fetch the time ranged output:
CustomData_CL
| where TimeGenerated between (datetime(2022–09–14 04:00:00) .. datetime(2020–09–14 05:00:00))
But it is giving the following error:
How can I fix it?
Solution
Note the characters with code point 8211.
These are not standard hyphens (-) 🙂.
let p_str = "(datetime(2022–09–14 04:00:00) .. datetime(2020–09–14 05:00:00))";
print str = p_str
| mv-expand str = extract_all("(.)", str) to typeof(string)
| extend dec = to_utf8(str)[0]
| str | dec |
|---|---|
| ( | 40 |
| d | 100 |
| a | 97 |
| t | 116 |
| e | 101 |
| t | 116 |
| i | 105 |
| m | 109 |
| e | 101 |
| ( | 40 |
| 2 | 50 |
| 0 | 48 |
| 2 | 50 |
| 2 | 50 |
| – | 8211 |
| 0 | 48 |
| 9 | 57 |
| – | 8211 |
| 1 | 49 |
| 4 | 52 |
| 32 | |
| 0 | 48 |
| 4 | 52 |
| : | 58 |
| 0 | 48 |
| 0 | 48 |
| : | 58 |
| 0 | 48 |
| 0 | 48 |
| ) | 41 |
| 32 | |
| . | 46 |
| . | 46 |
| 32 | |
| d | 100 |
| a | 97 |
| t | 116 |
| e | 101 |
| t | 116 |
| i | 105 |
| m | 109 |
| e | 101 |
| ( | 40 |
| 2 | 50 |
| 0 | 48 |
| 2 | 50 |
| 0 | 48 |
| – | 8211 |
| 0 | 48 |
| 9 | 57 |
| – | 8211 |
| 1 | 49 |
| 4 | 52 |
| 32 | |
| 0 | 48 |
| 5 | 53 |
| : | 58 |
| 0 | 48 |
| 0 | 48 |
| : | 58 |
| 0 | 48 |
| 0 | 48 |
| ) | 41 |
| ) | 41 |
Update, per OP request:
Please note that in addition to the use of a wrong character that caused the syntax error, your 2nd datetime year was wrong.
// Generation of mock table. Not part of the solution
let CustomData_CL = datatable(TimeGenerated:datetime)[datetime(2022-09-14 04:30:00)];
// Solution starts here
CustomData_CL
| where TimeGenerated between (datetime(2022-09-14 04:00:00) .. datetime(2022-09-14 05:00:00))
| TimeGenerated |
|---|
| 2022-09-14T04:30:00Z |
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Create Azure TimerTrigger Durable Function in python
- Azure File Share: Cannot map network drive
- RBAC with bicep
- ADF expression to convert array to comma separated string
- How to get status of Azure machine learning service pipeline run using Rest Api?
- How do I deploy a Nuxt 3 solution to an Azure Node Web App
- Azure Blob Upload not working in ASP .Net Core Application
- How to clear a Cosmos DB database or delete all items using Azure portal
- Using script commands, how to add multiple scale rules to an Azure Container App?
- User Assigned Managed Identity: No User Assigned or Delegated Managed Identity found for specified ClientId/ResourceId/PrincipalId
- Generate resources dynamically from another group of dynamically generated resources in Terraform
- Column reordering in ADF
- Logic App AuthorizationFailure - vnet integration needed
- Azure blob, controlling filename on download
- Azure VNet peering with Private Link
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- How to configure appsettings on a auto-generated preview environment
- Using Azure DevOps, how do I migrate a release pipeline to code, similar to build pipeline yml?
- Root login Ubuntu VM on Azure
- Filtering azure devops release build based upon build tag with "Continuous deployment trigger"
- Azure WebApp autoscale
- How to handle long startup times in Azure App Service deployment
- Frontend not available when front and back on same Web App Azure
- Use Salesforce Connectors from Hosted Azure Logic App in VSCode?
- What is considered an ingestion request in Azure Data Explorer?
- Provisioning (SCIM) by Entra/Azure: Why can I not select the "groups" attribute in my attribute mapping?
- Azure function verbose trace logging to Application Insights
- Azure function app GraphServiceClient create list
- Cypress tests fail to run in parallel mode due to mismatched specs between different runs