Axiom Docs

Use the hourofday function in APL to extract the hour of the day from a datetime value. The function returns an integer from 0 to 23, where 0 represents midnight and 23 represents 11 PM. You can use hourofday to group records by hour for time-of-day analysis, peak traffic identification, and intraday pattern detection. This is useful for operational dashboards, capacity planning, and anomaly detection. Use it when you want to:

Identify peak traffic hours in your services.
Analyze hourly patterns in request volume or error rates.
Create time-of-day summaries across log, trace, or security datasets.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Splunk SPL users

In Splunk SPL, you typically use the strftime function with the %H specifier to extract the hour of the day. In APL, the hourofday function directly returns the hour as an integer.

... | eval hour=strftime(_time, "%H")

ANSI SQL users

In ANSI SQL, you use EXTRACT(HOUR FROM timestamp) or the HOUR() function to get the hour. In APL, hourofday provides the same result.

SELECT EXTRACT(HOUR FROM timestamp_column) AS hour FROM events;

Usage

Syntax

hourofday(datetime)

Parameters

Name	Type	Description
datetime	`datetime`	The input datetime value.

Returns

An int from 0 to 23 representing the hour of the day.

Use case examples

Log analysis
OpenTelemetry traces
Security logs

Analyze HTTP request volume by hour to identify peak traffic periods.Query

['sample-http-logs']
| extend hour = hourofday(_time)
| summarize request_count = count() by hour
| sort by hour asc

Run in PlaygroundOutput

hour	request_count
0	312
1	287
14	1523

This query groups HTTP log entries by hour and counts the requests per hour, revealing peak and off-peak periods.

Find peak hours for trace activity by service to understand when services experience the highest load.Query

['otel-demo-traces']
| extend hour = hourofday(_time)
| summarize trace_count = count() by hour, ['service.name']
| sort by hour asc

Run in PlaygroundOutput

hour	service.name	trace_count
9	frontend	2450
10	frontend	2780
14	cart	1340

This query shows the hourly distribution of traces per service, helping you identify when each service is busiest.

Detect after-hours error spikes by analyzing the hourly distribution of HTTP errors.Query

['sample-http-logs']
| where toint(status) >= 400
| extend hour = hourofday(_time)
| summarize error_count = count() by hour
| sort by hour asc

Run in PlaygroundOutput

hour	error_count
2	87
3	92
15	34

This query reveals the hourly pattern of HTTP errors, helping you detect unusual activity during off-peak hours.

dayofweek: Returns the day of the week as a timespan, complementing hourly analysis with day-level detail.
dayofmonth: Returns the day of the month from a datetime.
datetime-part: Extracts a specific date part (such as hour) as an integer.
startofday: Returns the start of the day for a datetime, useful for daily binning.
endofday: Returns the end of the day for a datetime value.

Get started

Functions

Operators

Reference

Migration

hourofday

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

Get started

Functions

Operators

Reference

Migration

​For users of other query languages

​Usage

​Syntax

​Parameters

​Returns

​Use case examples

​List of related functions

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

List of related functions