Forum Discussion
nickthompson
Apr 17, 2019 | Copper Contributor
Exclude logs between a certain time range
We'd like to exclude logs generated between certain time ranges from our alerts but are having a hard time figuring out how to play with the time value of datetime. Let's say I have timeOfOccurenc...
CliveWatson
Apr 18, 2019 | Former Employee
nickthompson Here are two examples
// go back 1hr
let startDate = ago(1h); // go back in time nn
let endDate = now(); // what is the date now
union withsource = tt *
| where TimeGenerated between (startDate .. endDate )
| where _IsBillable == True
| summarize by tt, TimeGenerated

I probably think you'll need a modified version of this time range example:
// Exclude 1am to 6am
union withsource = tt *
| where TimeGenerated > startofday(ago(1day)) // start from midnight yesterday
| where TimeGenerated !between (datetime('01:00:00') .. datetime('06:00:00')) // exclude times today
| where _IsBillable == True
| where tt == "Event"
| summarize count() by tt, TimeGenerated
| render barchart title ="Exclude 1am thru 6am"
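
An added example, not part of the reply above: one way to exclude the same 01:00 to 06:00 window on every day in the query range, by comparing each record's time of day instead of a fixed datetime. The sample rows, the `tzOffset` value and the `EventID` column are constructed assumptions; swap the `datatable` for the real table used by the alert.

```kusto
// Recurring daily exclusion window (added example, constructed sample data).
let windowStart = 1h;  // 01:00, as in the thread
let windowEnd   = 6h;  // 06:00, as in the thread
let tzOffset    = 0h;  // assumption: TimeGenerated is UTC; set to the local offset, e.g. -5h
datatable(TimeGenerated: datetime, EventID: int) [
    // constructed rows spanning two days
    datetime(2019-04-16 00:30:00), 4625,
    datetime(2019-04-16 01:00:00), 4625,
    datetime(2019-04-16 03:15:00), 4625,
    datetime(2019-04-16 05:59:59), 4625,
    datetime(2019-04-16 06:00:00), 4625,
    datetime(2019-04-17 02:45:00), 4625,
    datetime(2019-04-17 14:10:00), 4625
]
// time of day as a timespan since local midnight
| extend localTime = TimeGenerated + tzOffset
| extend timeOfDay = localTime - startofday(localTime)
// half-open window [windowStart, windowEnd); the second branch handles a
// window that wraps midnight, e.g. windowStart = 22h and windowEnd = 2h
| extend inWindow = iff(windowStart <= windowEnd,
                        timeOfDay >= windowStart and timeOfDay < windowEnd,
                        timeOfDay >= windowStart or  timeOfDay < windowEnd)
| where not(inWindow)
| project TimeGenerated, EventID, timeOfDay
| order by TimeGenerated asc
```

With the sample rows, the 00:30 and 06:00 records on 16 April and the 14:10 record on 17 April remain, and the records inside the window on both days are dropped.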