https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553703#M157215 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;<BR /><BR />Thanks for the reply its working, but if we have all the logs with same kind for starttime how can we resolve that</P><P>&nbsp;</P><P>Thanks</P> Mon, 31 May 2021 10:32:20 GMT Nith1 2021-05-31T10:32:20Z https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553508#M157153 <P>Hi Team</P><P>&nbsp;</P><P>I have the time in this format&nbsp;<SPAN>"</SPAN><SPAN class="t">startTime</SPAN><SPAN>"</SPAN><SPAN class="t h">:<SPAN class="t">1606406489009 i wanted to convert it to date-month-year hour-seconds can someone please help me with the query</SPAN></SPAN></P> Fri, 28 May 2021 13:13:45 GMT https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553508#M157153 Nith1 2021-05-28T13:13:45Z https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553513#M157154 <LI-CODE lang="markup">| makeresults | eval _raw="\"startTime\":1606406489009" | rex "startTime\":(?&lt;time&gt;\d+)" | eval seconds=time/1000 | fieldformat seconds=strftime(seconds,"%Y-%m-%d %H:%M:%S.%Q")</LI-CODE> Fri, 28 May 2021 13:21:01 GMT https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553513#M157154 ITWhisperer 2021-05-28T13:21:01Z https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553597#M157179 You could found explanations for those variables here: <A href="https://docs.splunk.com/Documentation/Splunk/8.0.5/SearchReference/Commontimeformatvariables" target="_blank">https://docs.splunk.com/Documentation/Splunk/8.0.5/SearchReference/Commontimeformatvariables</A> Fri, 28 May 2021 22:15:26 GMT https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553597#M157179 isoutamo 2021-05-28T22:15:26Z https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553703#M157215 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/225168">@ITWhisperer</a>&nbsp;<BR /><BR />Thanks for the reply its working, but if we have all the logs with same kind for starttime how can we resolve that</P><P>&nbsp;</P><P>Thanks</P> Mon, 31 May 2021 10:32:20 GMT https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553703#M157215 Nith1 2021-05-31T10:32:20Z https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553717#M157217 <P>Not sure whether there is another question here - the rex extracts the digits as a number, the number represents milliseconds since epoch, time is usually stored as seconds since epoch so divide this number by 1000, this can be done with all your events with this format for time, to display in human-readable format use fieldformat with the appropriate settings.</P> Mon, 31 May 2021 14:44:48 GMT https://community.splunk.com/t5/Splunk-Search/Time-conversion/m-p/553717#M157217 ITWhisperer 2021-05-31T14:44:48Z