Sumo Logic provides the following operations for converting and formatting timestamps, which can be used to return the week number for a given timestamp.
parseDate - Uses the SimpleDateFormat specification to convert a timestamp string to epoch time.
formatDate - Uses the SimpleDateFormat specification to convert epoch times to a given format.
For further information on SimpleDateFormat, please refer to:
https://docs.oracle.com/javase/7/docs/api/java/text/SimpleDateFormat.html
Using these two operators we can get the week number from a given timestamp string by first converting that string to epoch time, using the parseDate operation, and then using the formatDate operation to get the given week of the year from the returned epoch time. Supplying a lower case 'w' within the SimpleDateFormat will return the week of the year.
Example 1:
Given the following example timestamp string that may have been parsed from a log message into a string field named 'timestamp'.
2019-02-15T12:00:00.000Z
The following operations will return the week number for the given date, which in our example would return 7 as the week of the year.
| parseDate(timestamp, "yyyy-MM-dd'T'HH:mm:ss.SSS", "UTC") as week
| formatDate(week, "w", "UTC") as week
Alternatively, you may perform these operations within a single query operation.
| formatDate(parseDate(timestamp, "yyyy-MM-dd'T'HH:mm:ss.SSS", "UTC"), "w") as week
Example 2:
If using the default _mesagetime or _receipttime metadata for a log message you can bypass the conversion to epoch time and convert these values directly to a date format string.
| formatDate(_messagetime, "UTC"), "w") as week
Note: Within these format operations, you will need to supply the proper timezone for the message to ensure the proper week is returned for the expected timezone.
Comments
0 comments
Article is closed for comments.