Use the todatetime function to convert various data types to a datetime value. This is helpful when you need to normalize date and time values from different formats or sources into a standard datetime format for comparison, filtering, or time-based analysis.

You typically use todatetime when working with date strings, timestamps, or other time representations that need to be converted to datetime format for time-based operations.

#For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

... | extend timestamp = todatetime(date_field)

['sample-http-logs']
| extend date_value = todatetime('2022-11-13')

#Usage

#Syntax

todatetime(value)

#Parameters

#Returns

If the conversion is successful, the result is a datetime value. If the conversion isn't successful, the result is null.

#Conversion behavior

The todatetime function converts values based on their type:

• Integer/Float: Assumed to be nanoseconds since epoch.
• String: Parsed using the dateparse package, which accepts many common date and time formats. See the upstream examples for supported formats.

#Use case example

Convert date strings from log fields to datetime values for time-based filtering and analysis.

Query

['sample-http-logs']
| extend log_date = todatetime('2024-06-24')
| extend is_recent = _time >= log_date
| where is_recent == true
| project _time, ['uri'], ['status'], log_date

Run in Playground

Output

This example converts a date string to a datetime value and uses it for time-based comparisons, enabling precise date filtering in your queries.

#List of related functions

• totimespan: Converts input to timespan. Use totimespan for duration values, and todatetime for absolute time points.å