Stay organized with collections
Save and categorize content based on your preferences.
timestamp.get_hour
timestamp.get_hour(unix_seconds [, time_zone])
Description
This function returns an integer in the range [0, 23] representing the hour.
unix_seconds is an integer representing the number of seconds past Unix
epoch, such as $e.metadata.event_timestamp.seconds, or a placeholder
containing that value.time_zone is optional and is a string representing a time zone. If
omitted, the default is "GMT". You can specify time zones using string
literals. The options are:
- The TZ database name, for example "America/Los_Angeles". For more
information, see the "TZ Database Name" column from this page
- The time zone offset from UTC, in the format
(+|-)H[H][:M[M]],
for example: "-08:00".
Here are examples of valid time_zone specifiers, which you can pass as the second argument to time extraction functions:
"America/Los_Angeles", or "-08:00". ("PST" is not supported)
"America/New_York", or "-05:00". ("EST" is not supported)
"Europe/London"
"UTC"
"GMT"
Param data types
INT, STRING
Return type
INT
Code samples
Example 1
In this example, the time_zone argument is omitted, so it defaults to "GMT".
$ts = $e.metadata.collected_timestamp.seconds
timestamp.get_hour($ts) = 15
Example 2
This example uses a string literal to define the time_zone.
$ts = $e.metadata.collected_timestamp.seconds
timestamp.get_hour($ts, "America/Los_Angeles") = 15
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-14 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-07-14 UTC."],[[["\u003cp\u003eThe \u003ccode\u003etimestamp.get_hour\u003c/code\u003e function extracts the hour (0-23) from a Unix timestamp, which is supported in both Rules and Search within the Chronicle documentation.\u003c/p\u003e\n"],["\u003cp\u003eThis function requires a Unix timestamp as input (\u003ccode\u003eunix_seconds\u003c/code\u003e), representing seconds since the Unix epoch, often derived from event metadata like \u003ccode\u003e$e.metadata.event_timestamp.seconds\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eAn optional \u003ccode\u003etime_zone\u003c/code\u003e string argument can be included to specify a time zone using either the TZ database name (e.g., "America/Los_Angeles") or a UTC offset (e.g., "-08:00").\u003c/p\u003e\n"],["\u003cp\u003eIf the \u003ccode\u003etime_zone\u003c/code\u003e argument is omitted, the function defaults to using "GMT" for time zone calculations.\u003c/p\u003e\n"],["\u003cp\u003eThe return type for the function will be an Integer.\u003c/p\u003e\n"]]],[],null,["### timestamp.get_hour\n\nSupported in: \n[Rules](/chronicle/docs/detection/default-rules) [Search](/chronicle/docs/investigation/udm-search) \n\n timestamp.get_hour(unix_seconds [, time_zone])\n\n#### Description\n\nThis function returns an integer in the range `[0, 23]` representing the hour.\n\n- `unix_seconds` is an integer representing the number of seconds past Unix epoch, such as `$e.metadata.event_timestamp.seconds`, or a placeholder containing that value.\n- `time_zone` is optional and is a string representing a time zone. If omitted, the default is \"GMT\". You can specify time zones using string literals. The options are:\n - The TZ database name, for example \"America/Los_Angeles\". For more information, see the [\"TZ Database Name\" column from this page](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)\n - The time zone offset from UTC, in the format`(+|-)H[H][:M[M]]`, for example: \"-08:00\".\n\nHere are examples of valid `time_zone` specifiers, which you can pass as the second argument to time extraction functions: \n\n \"America/Los_Angeles\", or \"-08:00\". (\"PST\" is not supported)\n \"America/New_York\", or \"-05:00\". (\"EST\" is not supported)\n \"Europe/London\"\n \"UTC\"\n \"GMT\"\n\n#### Param data types\n\n`INT`, `STRING`\n\n#### Return type\n\n`INT`\n\n#### Code samples\n\n##### Example 1\n\nIn this example, the `time_zone` argument is omitted, so it defaults to \"GMT\". \n\n $ts = $e.metadata.collected_timestamp.seconds\n\n timestamp.get_hour($ts) = 15\n\n##### Example 2\n\nThis example uses a string literal to define the `time_zone`. \n\n $ts = $e.metadata.collected_timestamp.seconds\n\n timestamp.get_hour($ts, \"America/Los_Angeles\") = 15"]]
