Allow to search for 'parts' of a datetime field
real world scenario: I need to analyze my alerts distribution by time windows (i.e. how many of them overnight vs during the day) and based on week day (how many on Sunday, Monday, ...)
I think this scenario can be applied to every data source you have. To do that we need to be able to query on parts of the datetime fields.
I have this capability on my query language improvement backlog already. I would like to allow folks to search via local time (instead of ISO UTC time) and use keywords like Sunday, 6PM, etc.
This is currently behind JOIN, Regex, DEDUP, and search time custom field extraction.