https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652327#M225464 <P>Hi</P><P>I use a | stats min(_time) as time_min stats max(_time) as time_max command in my search</P><P>The time is displayed in Unix format</P><P>Example :</P><P>Time_min=1688019886.761</P><P>Time-max=1690461727.136</P><P>I have added an eval time=strftime(_time, "%d-%m-%Y %H:%M" before the stats in order to convert the time but the result is sometimes strange because the max time is older than the min time</P><P>How to convert the time properly please?</P> Fri, 28 Jul 2023 08:26:12 GMT jip31 2023-07-28T08:26:12Z https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652327#M225464 <P>Hi</P><P>I use a | stats min(_time) as time_min stats max(_time) as time_max command in my search</P><P>The time is displayed in Unix format</P><P>Example :</P><P>Time_min=1688019886.761</P><P>Time-max=1690461727.136</P><P>I have added an eval time=strftime(_time, "%d-%m-%Y %H:%M" before the stats in order to convert the time but the result is sometimes strange because the max time is older than the min time</P><P>How to convert the time properly please?</P> Fri, 28 Jul 2023 08:26:12 GMT https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652327#M225464 jip31 2023-07-28T08:26:12Z https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652330#M225465 <P>Try this:<SPAN><BR /></SPAN></P><P>&nbsp;</P><LI-CODE lang="markup">| stats min(_time) as time_min max(_time) as time_max | convert ctime(time_min) | convert ctime(time_max)</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P><SPAN>&nbsp;</SPAN></P> Fri, 28 Jul 2023 08:35:56 GMT https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652330#M225465 jotne 2023-07-28T08:35:56Z https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652336#M225468 <P>You need your search above and it needs to contain the <STRONG>_time</STRONG> field.&nbsp; &nbsp;Can you post your full SPL search?<BR /><BR /></P><P>&nbsp;</P><LI-CODE lang="markup">&lt;your search&gt; | stats min(_time) as time_min max(_time) as time_max | convert ctime(time_min) | convert ctime(time_max)</LI-CODE><P>&nbsp;</P><P>&nbsp;</P><P>This should work with all Splunk installation:</P><LI-CODE lang="markup">index=_internal | stats min(_time) as time_min max(_time) as time_max | convert ctime(time_min) | convert ctime(time_max)</LI-CODE> Fri, 28 Jul 2023 09:06:03 GMT https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652336#M225468 jotne 2023-07-28T09:06:03Z https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652338#M225470 <P>Tha.ks it works</P><P>And now if i want to format the time i need to do an eval _time?</P> Fri, 28 Jul 2023 09:08:47 GMT https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652338#M225470 jip31 2023-07-28T09:08:47Z https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652339#M225471 <P>If you like a custom format, yes, then your need to use eval and not convert.</P><P>PS if you can accept the answer it would be fine <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 28 Jul 2023 09:11:07 GMT https://community.splunk.com/t5/Splunk-Search/Help-to-convert-a-unix-time/m-p/652339#M225471 jotne 2023-07-28T09:11:07Z