Learn more about the Cortex Query Language date_floor() function.
Syntax
date_floor (<timestamp field>, "<time unit>" [, "<time zone>"])
Description
The date_floor() function takes a timestamp value from a field or function result that contains a number, and returns a timestamp rounded down to the nearest whole value of a specified <time unit>, including a year (y), month (mo), week (w), day (d), or hour (h). The <time zone> is optional and is configured either as an hours offset, such as "+08:00", or as a time zone name from the List of Supported Time Zones, such as "America/Chicago". When you do not configure a time zone, the default is UTC.
Example
Returns a maximum of 100 xdr_data records whose _time field is less than a timestamp value. The timestamp value is produced by a series of function calls. The current time is first rounded down to the nearest whole value for the week according to the America/Los_Angeles time zone. This timestamp value is then converted to the Unix epoch timestamp format in seconds, and -2073600 is added to it. The resulting Unix epoch time value in seconds is then converted to the final timestamp value, which is used to filter on the _time field and return the resulting records.
dataset = xdr_data | filter _time < to_timestamp(add(to_epoch(date_floor(current_time(),"w", "America/Los_Angeles")),-2073600)) | limit 100
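Added example, not part of the Cortex documentation: a Python model of the rounding and epoch arithmetic in the query above, useful for checking which cutoff a given time zone argument produces before relying on the filter in a hunt. The names parse_zone and cutoff, the sample time, and the Sunday week start are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo

def parse_zone(tz):
    """Accept "UTC", an hours offset ("+08:00") or a zone name ("America/Chicago")."""
    if tz == "UTC":
        return timezone.utc
    if tz[0] in "+-":
        delta = timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))
        return timezone(delta if tz[0] == "+" else -delta)
    return ZoneInfo(tz)

def date_floor(ts, unit, tz="UTC", week_start=6):
    """Round an aware datetime down to the start of `unit` on the wall clock of `tz`.
    week_start is a Python weekday (0=Monday .. 6=Sunday); Sunday is an assumption."""
    local = ts.astimezone(parse_zone(tz))
    if unit == "h":
        return local.replace(minute=0, second=0, microsecond=0)
    day = local.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "d":
        return day
    if unit == "w":
        return day - timedelta(days=(day.weekday() - week_start) % 7)
    if unit == "mo":
        return day.replace(day=1)
    if unit == "y":
        return day.replace(month=1, day=1)
    raise ValueError(f"unsupported time unit: {unit!r}")

def cutoff(now, tz="America/Los_Angeles", shift=-2073600):
    """Model of to_timestamp(add(to_epoch(date_floor(now, "w", tz)), shift)), in UTC."""
    epoch = int(date_floor(now, "w", tz).timestamp())
    return datetime.fromtimestamp(epoch + shift, timezone.utc)

if __name__ == "__main__":
    now = datetime(2024, 3, 13, 18, 30, tzinfo=timezone.utc)  # constructed sample time
    # A zone name follows daylight saving changes; a fixed hours offset does not.
    for tz in ("UTC", "-07:00", "America/Los_Angeles"):
        print(tz, "->", cutoff(now, tz).isoformat())
```

Because the rounding happens on the local wall clock, the same query matches a different set of records depending on the time zone argument, which matters when comparing results across analysts or tenants.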