This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
thoman
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
‎2015-01-16 11:10
528 views

Searching specific hour in Logger

Jump to solution

I need to find out after office hours logon activities over one week period in Logger. I know it can be done in Logger report query (select ... where hour(endTime) < 8 and hour(endTime) > 18), but how can I do it in Logger search?

Labels (1)
Labels
Tags (1)
0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
rhope
Fleet Admiral
Fleet Admiral
‎2015-01-19 02:11

Jump to solution

My feeling is that from a workflow perspective, this is more a reporting task than a search task and there doesn't appear to be an easy way to do it, I can't find a way to parse out the hour from the endTime field (rex works on the RAW field and so gets a timestamp/seconds since epoch as input).  The best I could come up with was the following which is undocumented (the '-d -h' and the '-d +h' documentation only gives <current_period> [ +/- <units>] ) but appears to work.

_storageGroup IN ["Default Storage Group"] AND (

    (endTime >= "$Today - 6d - 6h" AND endTime <= "$Today - 6d + 8h") OR

    (endTime >= "$Today - 5d - 6h" AND endTime <= "$Today - 5d + 8h") OR

    (endTime >= "$Today - 4d - 6h" AND endTime <= "$Today - 4d + 8h") OR

    (endTime >= "$Today - 3d - 6h" AND endTime <= "$Today - 3d + 8h") OR

    (endTime >= "$Today - 2d - 6h" AND endTime <= "$Today - 2d + 8h") OR

    (endTime >= "$Today - 1d - 6h" AND endTime <= "$Today - 1d + 8h") OR

    (endTime >= "$Today - 6h" AND endTime <= "$Today + 8h"))

View solution in original post

0 Likes
Reply
Report Inappropriate Content
2 Replies
rhope
Fleet Admiral
Fleet Admiral
‎2015-01-19 02:11

Jump to solution

My feeling is that from a workflow perspective, this is more a reporting task than a search task and there doesn't appear to be an easy way to do it, I can't find a way to parse out the hour from the endTime field (rex works on the RAW field and so gets a timestamp/seconds since epoch as input).  The best I could come up with was the following which is undocumented (the '-d -h' and the '-d +h' documentation only gives <current_period> [ +/- <units>] ) but appears to work.

_storageGroup IN ["Default Storage Group"] AND (

    (endTime >= "$Today - 6d - 6h" AND endTime <= "$Today - 6d + 8h") OR

    (endTime >= "$Today - 5d - 6h" AND endTime <= "$Today - 5d + 8h") OR

    (endTime >= "$Today - 4d - 6h" AND endTime <= "$Today - 4d + 8h") OR

    (endTime >= "$Today - 3d - 6h" AND endTime <= "$Today - 3d + 8h") OR

    (endTime >= "$Today - 2d - 6h" AND endTime <= "$Today - 2d + 8h") OR

    (endTime >= "$Today - 1d - 6h" AND endTime <= "$Today - 1d + 8h") OR

    (endTime >= "$Today - 6h" AND endTime <= "$Today + 8h"))

View solution in original post

0 Likes
Reply
Report Inappropriate Content
thoman
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class
‎2015-01-19 02:20

Jump to solution

Thank you, Richard.

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.