Kusto Query for Working Hours

calendar Feb 18, 2021 · 1 min read · microsoft azure kusto log-analytics  ·
Share on: linkedin copy

A quick Kusto query snippet you can use with Azure Log Analytics to show the last 7 days of records, but between 9am and 5pm each day.

The query makes a localTimestamp column, calculated based on the difference from UTC. It then refines the results to only include the last 7 days, and where the time (in that calculated timezone) is between 0900 and 1700.

1Syslog
2| extend localTimestamp = TimeGenerated - 5h
3| where TimeGenerated > ago(7d)
4| where hourofday( localTimestamp) >= 9
5| where hourofday( localTimestamp) < 17