Home > Enterprise >  How to drop [UTC] from a column table in KQL
How to drop [UTC] from a column table in KQL

Time:01-20

Trying to clean up some columns coming into Sentinel from syslog, and working on changing from UTC to local time.

Here is an example of what I have so far:

print dt=now()
| extend pacific_dt = datetime_utc_to_local(dt, 'US/Pacific')
| extend PacificTime = pacific_dt
| project-away dt

What I would expect is two columns, one named pacific_dt and another named PacificTime. However, when the output is displayed, both column names are appended with [UTC]. Is there a way to remove the [UTC] text that's appended or a workaround to make a new column based on that data but not get the appended text in the column name?

Here's the example code and output. UTC

PST

Please note the following:

  • The current UTC value now equals to the previous PST value.
  • The current PST value has double offset (-8h x 2)

Bottom line - Work with UTC, and let the client do the conversion to a local time zone.

Page link:https//www.codepudding.com/Enterprise/677975.html

Prev:What is the difference between ApplicationInsights TrackEvent and ILogger LogInformation
Next:Occasionally receiving 421 response code from Azure Front Door when using wildcard route
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding