Help with Netskope Breach_date calculation

usmsplunksme
Explorer

Hi,

In the "Compromised Credential" alert type there is also a field called "breach_date", but the results are not in a readable format (e.g. 1383436800). Is someone please able to assist in calculating this field to a more readable date?

0 Karma

lauruss
Observer

Hi there,

I know this post is old but maybe it will help someone else. I am using:

| eval breach_date=strftime(breach_date,"%d/%m/%y")

0 Karma

Shan
Builder

Dear @usmsplunksme,

Try the option below. Copy and run the code in the search head and you will get the solution.
You can use the eval command in your query.

| makeresults
| eval StartTime=strftime("1383436800","%Y/%m/%d %H:%M:%S")
| table StartTime

Thanks ..

0 Karma

usmsplunksme
Explorer

Thanks for the answer, that seemed to convert the string to a date and time format, but when I try to convert all entries in the extracted field it fails. My query is:

Search query | eval StartTime=strftime("extracted_field","%Y/%m/%d %H:%M:%S") | table StartTime

0 Karma

Shan
Builder

@usmsplunksme,

Can I see the extracted_field values?
What is the error you're getting while running the query?

Thanks ..

0 Karma

usmsplunksme
Explorer

Hi Shankaranath,

Extracted values are:

1325376000
1338508800
1370908800
1439856000
1447286400
1447718400
1448928000
1456185600
1457049600
1457222400
1457654400
1458604800
1460073600
1464739200
1468713600
1470009600
1473206400
1475020800
1475366400

These are supposedly a date.

Thanks for the assistance

0 Karma
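
An added example, not part of any post in this thread: in eval, double quotes make a string literal, so strftime("extracted_field", ...) receives the text extracted_field instead of the field's value. The search below passes the field unquoted and converts it with tonumber() first, so values that are not epoch seconds are flagged instead of silently coming out empty. The epoch values are taken from the thread; the "n/a" entry and the field names epoch and breach_date_readable are constructed for illustration.

```spl
| makeresults
| eval extracted_field=split("1325376000,1383436800,1475366400,n/a", ",")
| mvexpand extracted_field
| eval epoch=tonumber(extracted_field)
| eval breach_date_readable=if(isnull(epoch), "invalid", strftime(epoch, "%Y-%m-%d"))
| table extracted_field breach_date_readable
```

strftime renders in the timezone of the user running the search, and 1383436800 is midnight UTC (2013-11-03), so a search run with a timezone behind UTC shows the previous calendar day.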