过去一周如何从雅典娜那里得到结果?
Kit*_*one 2 amazon-web-services amazon-athena
我正在使用Amazon Athena获取上周发生的所有控制台登录,现在我能够获得所有控制台登录,无论数据如何.我需要修改以下查询,以便此查询始终获取上周发生的所有aws控制台登录.
WITH events AS (
SELECT
event.eventVersion,
event.eventID,
event.eventTime,
event.eventName,
event.eventType,
event.eventSource,
event.awsRegion,
event.sourceIPAddress,
event.userAgent,
event.userIdentity.type AS userType,
event.userIdentity.arn AS userArn,
event.userIdentity.principalId as userPrincipalId,
event.userIdentity.accountId as userAccountId,
event.userIdentity.userName as userName
FROM cloudtrail.events
CROSS JOIN UNNEST (Records) AS r (event)
)
SELECT userName,sourceIPAddress,eventName,eventTime FROM events WHERE eventName='ConsoleLogin';
eventTime看起来像":
Ť
您可以使用from_iso8601_timestamp进行转换,例如
SELECT *
FROM my_table
WHERE from_iso8601_timestamp(my_iso_field) > current_timestamp - interval '7' day
如果该列以文本形式出现,则可以将其转换为时间戳.我发现Amazon Athena可以转换'2016-05-03 05:46:00'为时间戳,因此使用replace()函数将其转换为正确的格式:
select cast(replace(replace('2016-05-03T05:46:00Z', 'Z'), 'T', ' ') as timestamp)
因此,在您的WITH部分中,替换event.eventType为:
cast(replace(replace(event.eventType, 'Z'), 'T', ' ') as timestamp) AS eventType,
然后,您可以WHERE对日期使用标准语句,例如:
WHERE eventType > '2017-04-01'
或者过去一周(基于Presto文档):
WHERE eventType > current_date - interval '7' day
| 归档时间: |
|
| 查看次数: |
2788 次 |
| 最近记录: |