Day name (dayname)
Returns the name of the day from a given timestamp. Optionally, you can check it in a time zone different than yours and specify the language in which the day name will appear (en by default).
How does it work in the search window?
Select Create column in the search window toolbar, then select the Dayname operation.
With only the Timestamp argument, you get the day of the week in your current time zone. Optionally, specify the language by adding the Locale argument and typing the locale code. You can also add the Time zone argument to see the day of the week in a different time zone. When you assign a time zone different from yours, pay special attention to the original timestamp of the event, because the result may fall on a different day in the specified time zone.
You can either select a column with that data type or enter it manually.
If you enter it manually, note that this value should be a date: Year-Month-Day Hour:Minute:Second.Millisecond (yyyy-MM-dd HH:mm:ss.SSS). You can skip seconds and milliseconds.
Applies the correct language to the day part of the date based on the locale you specify. If this argument is not added, the day will be in your own locale, which is determined by your user preferences.
The accepted formats for the locale argument correspond to the ISO 639-1 codes, which consist of two-character codes ("en" for English, "es" for Spanish, "fr" for French or "de" for German), or a combination of these with the ISO 3166-2 codes, which consist of two-character codes for specific countries ("gb" for United Kingdom, "es" for Spain...). Together they result in a four-character code specifying the subdivision ("en-us" for American English, etc.).
It must not be confused with the ISO codes that consist of three-character codes.
As not all codes are recognized as valid locales, entering an invalid code will return the locale set in your user preferences. Check the full list of locales here.
You need a valid string format the app can recognize so it returns meaningful results. If you leave the field empty or enter a value the app cannot recognize, the default Time Zone is UTC. You can use one of the following methods:
Be aware that some codes are ambiguous: CST, for example, could mean Central Standard Time or China Standard Time. In that case, avoid codes and use one of the other formats mentioned.
The data type of the new column values will be string and the values shown will be the name of the day.
Be aware that timestamps that fall in summer are affected in time zones that set the clock forward during summer. For example, Europe/Madrid (CET-Central European Time), which is UTC+1, becomes UTC+2 during summertime, so timestamps in August are affected when using that time zone. Be also aware that summertime differs between the Northern and Southern Hemispheres.
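The day shift, the ambiguous CST code and the summertime effect described above can be reproduced offline with the following added Python example, which is not the product's code and only models the fallbacks documented on this page. It assumes the stored timestamps are UTC; the two-locale day-name table, the sample timestamps and the names `parse_utc` and `day_name` are constructed for illustration.

```python
from datetime import datetime, timezone
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

# Constructed tables for two locales only; index 0 is Monday.
DAY_NAMES = {
    "en": ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"],
    "fr": ["lundi", "mardi", "mercredi", "jeudi", "vendredi", "samedi", "dimanche"],
}
FORMATS = ("%Y-%m-%d %H:%M:%S.%f", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d %H:%M")


def parse_utc(text):
    """Parse yyyy-MM-dd HH:mm[:ss[.SSS]]; the value is assumed to be UTC."""
    for fmt in FORMATS:
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {text!r}")


def day_name(text, locale="en", tz_name="UTC", user_locale="en"):
    """Model of the documented fallbacks, not the product's implementation."""
    try:
        tz = ZoneInfo(tz_name)
    except (ZoneInfoNotFoundError, ValueError, OSError):
        tz = timezone.utc  # unrecognised time zone: UTC is used
    # Unrecognised locale: fall back to the user's preferred locale.
    names = DAY_NAMES.get(locale.lower(), DAY_NAMES[user_locale])
    return names[parse_utc(text).astimezone(tz).weekday()]


if __name__ == "__main__":
    # Constructed samples: both are Saturdays at 22:30 UTC.
    summer, winter = "2024-08-10 22:30:00.000", "2024-01-13 22:30"
    for ts, loc, tz in [
        (summer, "en", "UTC"),
        (summer, "en", "Europe/Madrid"),    # UTC+2 in August: next day
        (winter, "en", "Europe/Madrid"),    # UTC+1 in January: same day
        (summer, "fr", "Europe/Madrid"),
        (summer, "en", "America/Chicago"),  # one reading of "CST"
        (summer, "en", "Asia/Shanghai"),    # the other reading of "CST"
        (summer, "xx", "Not/AZone"),        # both arguments unrecognised
    ]:
        print(f"{ts:<24} {loc:<3} {tz:<16} -> {day_name(ts, loc, tz)}")
```

The same 22:30 UTC event lands on a different day in Europe/Madrid only in August, and the two regions that share the CST abbreviation disagree on the day, which is why full region names are the safer input.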
In the siem.logtrust.web.all table, we want to create a column showing the day of the week of the dates in our eventdate column. To do it, we will create a new column using the Dayname operation.
The arguments needed to create the new column are:
- Timestamp - eventdate column
Let's say we need to adapt the formatted date for French-speaking people. Click New Argument to add the locale, and again to add the Time Zone.
- Locale: Click the pencil icon and specify the code for French, which is "fr".
- Time Zone: Click the pencil icon and specify the time zone in France (CET or Central European Time) or any other.
Click Create column and you will see the following result:
How does it work in LINQ?
Use the operator select... as... and add the operation syntax to create the new column. These are the valid formats for the Dayname operation:
dayname(timestamp) → Use this expression to get the day of the week corresponding to the given timestamps, according to your current time zone.
dayname(timestamp, locale_string) → Use this expression to get the day of the week corresponding to the given timestamps according to your current time zone and considering a specific locale.
dayname(timestamp, locale_string, timezone_string) → Use this expression to get the day of the week corresponding to the given timestamps, according to the specified time zone and locale.
You can copy the following LINQ script and try the above example on the
from siem.logtrust.web.activity select dayname(eventdate, "fr", "CET") as eventdate_days