
Day of week function?

Mike Watson
Occasional Visitor

I'm trying to write a query that will return results where the TimeGenerated value is greater than the date of the last Friday (for example).  Is there a way to do this in KQL?  Thanks!

1 Reply

Hi Mike,

As far as I know, you can get the "day of week" for a specific date, but not the other way around (date of a specific day in the week). Here's an example:

print(dayofweek(datetime(2018-10-29))) 

The result is the number of days since Sunday. In the example above, the result is 1, which means Monday. You can read more about this function here and review the language reference for alternatives, if you prefer.

HTH,

Noa
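
An added example, not part of the original thread: one way to derive the most recent Friday from `dayofweek()` with plain arithmetic and filter on `TimeGenerated` against it. The `Events` table, its `Activity` column, the sample rows and the `let` names are constructed for illustration; `refTime` is pinned to the date used in the reply so the query is repeatable.

```kusto
// Constructed stand-in for a Log Analytics table with a TimeGenerated column.
let Events = datatable(TimeGenerated: datetime, Activity: string) [
    datetime(2018-10-25 23:59), "Thursday, late evening",
    datetime(2018-10-26 00:00), "Friday, exactly midnight",
    datetime(2018-10-27 08:30), "Saturday",
    datetime(2018-10-29 09:00), "Monday"
];
let targetDay = 5;                          // Sunday = 0, Monday = 1, ... Friday = 5
let refTime = datetime(2018-10-29 10:00);   // use now() in a real query
let today = startofday(refTime);            // midnight UTC of the reference day
// dayofweek() returns a timespan (days since Sunday); divide by 1d to get a day count.
let dow = toint(dayofweek(today) / 1d);
// Days to step back to reach the target weekday. Adding 7 before the modulo
// keeps the value non-negative when the target is later in the week than today.
// The result is 0 when the reference day is itself a Friday; replace 0 with 7
// if "last Friday" should then mean the Friday one week earlier.
let daysBack = (dow - targetDay + 7) % 7;
let lastFriday = today - daysBack * 1d;     // midnight UTC at the start of that Friday
Events
| where TimeGenerated > lastFriday
| project TimeGenerated, Activity
```

All values are in UTC, so a workspace that reports in local time needs `refTime` shifted by the local offset before `startofday()` is applied.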
