Second of the day (secondofday)
Returns the number of seconds elapsed since midnight of the given timestamp. Optionally, you can check it in a time zone different than yours.
How does it work in the search window?
Select Create column in the search window toolbar, then select the Secondofday operation.
If you add only the Timestamp argument, you will get the seconds according to your current time zone. Optionally, you can add the Time zone argument to see the seconds in a different time zone (some time zones have half-hour offsets).
You can either select a column with that data type or enter the value manually.
If you enter it manually, note that the value must be a date in the format Year-Month-Day Hour:Minute:Second.Millisecond (yyyy-MM-dd HH:mm:ss.SSS) → You can skip seconds and milliseconds.
The time zone must be a string in a format the app can recognize so that it returns meaningful results. If you leave the field empty or enter a value the app cannot recognize, the default Time Zone is UTC. You can use one of the following methods:
Be aware that some of the codes coincide, as CST could mean Central Standard Time or China Standard Time. In that case, it would be advisable to avoid using codes and introduce any of the other formats mentioned.
The data type of the new column values will be integer and the values shown will be 0-86,400.
Be aware that summer timestamps are affected in time zones that set the clock forward for summer. For example, Europe/Madrid (CET, Central European Time), which is UTC+1, becomes UTC+2 during summertime, so timestamps in August will be affected when using that time zone. Also be aware that summertime differs between the Northern and Southern Hemispheres.
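The following Python model of the two-argument form is an added example, not the product's own code. It shows the summertime shift for Europe/Madrid, a half-hour zone, and the silent UTC default for an empty or unrecognized time zone. The function names and the sample timestamps are assumptions made for illustration.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

UTC = timezone.utc


def resolve_zone(name):
    """Return (tzinfo, label) for a time zone string.

    Empty or unrecognized names fall back to UTC, modelling the default
    described above. Returning the label lets the caller notice the fallback.
    """
    if not name:
        return UTC, "UTC"
    try:
        return ZoneInfo(name), name
    except (ZoneInfoNotFoundError, ValueError):
        return UTC, "UTC"


def second_of_day(ts_utc, tz_name=None):
    """Seconds elapsed since local midnight, plus the zone actually applied."""
    zone, label = resolve_zone(tz_name)
    local = ts_utc.astimezone(zone)
    return local.hour * 3600 + local.minute * 60 + local.second, label


# Constructed sample timestamps (12:00:00 UTC), not taken from any real table.
WINTER = datetime(2023, 1, 15, 12, 0, 0, tzinfo=UTC)
SUMMER = datetime(2023, 8, 15, 12, 0, 0, tzinfo=UTC)

if __name__ == "__main__":
    # "Europe/Madird" is a deliberate typo to trigger the UTC fallback.
    for season, ts in (("winter", WINTER), ("summer", SUMMER)):
        for tz in ("Europe/Madrid", "Asia/Kolkata", "Europe/Madird", None):
            print(season, tz, second_of_day(ts, tz))
```

A mistyped zone name produces plausible values computed in UTC, so any time-of-day threshold built on the column shifts by the zone offset without raising an error.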
In the siem.logtrust.web.activity table, we want to create a column showing the seconds of the day in our eventdate column. To do it, we will create a new column using the Secondofday operation.
The arguments needed to create the new column are:
- Timestamp - eventdate column
Let's say we need to adapt the time zone to Central European. Click New Argument to specify a Time Zone.
Click the pencil icon and specify the time zone (CET or Central European Time) or any other.
Click Create column and you will see the following result:
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new column. These are the valid formats for the Secondofday operation:
secondofday(timestamp) → Use this expression to get the seconds of the given timestamps, according to your current time zone.
secondofday(timestamp, timezone_string) → Use this expression to get the seconds of the given timestamps, according to the specified time zone.
You can copy the following LINQ script and try the previous examples on the
from siem.logtrust.web.activity select secondofday(eventdate, "CET") as eventdate_secondofday