Axiom Docs

Use the getmonth function in APL to extract the month number from a datetime value. The function returns an integer from 1 to 12, where 1 represents January and 12 represents December. You can use getmonth to group records by month when analyzing seasonal patterns, monthly trends, or periodic fluctuations in your data. This is useful for dashboards, monthly reporting, and cohort analysis. Use it when you want to:

Aggregate events by month for trend analysis.
Compare metrics across months to detect seasonal patterns.
Create monthly summaries across log, trace, or security datasets.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.

Splunk SPL users

In Splunk SPL, you typically use the strftime function with the %m specifier to extract the month number. In APL, the getmonth function directly returns the month number as an integer.

... | eval month=strftime(_time, "%m")

ANSI SQL users

In ANSI SQL, you use EXTRACT(MONTH FROM timestamp) or the MONTH() function to get the month number. In APL, getmonth provides the same result.

SELECT EXTRACT(MONTH FROM timestamp_column) AS month FROM events;

Usage

Syntax

getmonth(datetime)

Parameters

Name	Type	Description
datetime	`datetime`	The input datetime value.

Returns

An int from 1 to 12 representing the month number.

Use case examples

Log analysis
OpenTelemetry traces
Security logs

Analyze HTTP request volume by month to identify traffic patterns throughout the year.Query

['sample-http-logs']
| extend month = getmonth(_time)
| summarize request_count = count() by month
| sort by month asc

Run in PlaygroundOutput

month	request_count
1	4521
2	4187
3	4893

This query groups HTTP log entries by month number and counts the requests in each month.

Compare monthly average span durations by service to spot performance changes across months.Query

['otel-demo-traces']
| extend month = getmonth(_time)
| summarize avg_duration = avg(duration) by month, ['service.name']
| sort by month asc

Run in PlaygroundOutput

month	service.name	avg_duration
1	frontend	00:00:01.2340000
2	frontend	00:00:01.1890000
3	frontend	00:00:01.3020000

This query calculates the average span duration per month for each service, helping you track monthly performance trends.

Find which months have the most server errors to uncover seasonal reliability patterns.Query

['sample-http-logs']
| where toint(status) >= 500
| extend month = getmonth(_time)
| summarize error_count = count() by month
| sort by error_count desc

Run in PlaygroundOutput

month	error_count
7	89
12	76
3	54

This query identifies the months with the highest number of server errors, sorted by error count in descending order.

monthofyear: Returns the month number from a datetime. Equivalent to getmonth.
getyear: Extracts the year part from a datetime as an integer.
dayofmonth: Returns the day of the month from a datetime.
startofmonth: Returns the start of the month for a datetime, useful for monthly binning.
endofmonth: Returns the end of the month for a datetime value.

Get started

Functions

Operators

Reference

Migration

getmonth

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

Get started

Functions

Operators

Reference

Migration

​For users of other query languages

​Usage

​Syntax

​Parameters

​Returns

​Use case examples

​List of related functions

For users of other query languages

Usage

Syntax

Parameters

Returns

Use case examples

List of related functions