All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

convert First discovered date to human readable date format

leonaheidern
New Member
‎09-17-2019 10:29 PM

Hi all I am using the default saved search in tenable app for splunk and the first discovered date is in 1568779472 .

How do I convert this value into a human readable date such as 2019/SEP/18

Tags (1)
0 Karma
Reply

leonaheidern
New Member
‎09-17-2019 11:02 PM

I am using Tenable.sc . Thanks at least now I know what the source time format is in so I can try updating the search

I am having an issue converting the date time format as the first_found and last_found dates are in the drilldown part of the query

I have tried editing the Source XML with
| eval first_found= strfptime(first_found ,"%25Y-%25m-%25dT%25H:%25M:%25S") | eval last_found= strfptime(last_found ,"%25Y-%25m-%25dT%25H:%25M:%25S")

However when I do this the dashboard becomes unclickable.

0 Karma
Reply

TheChrisSard
Engager
‎11-23-2023 09:10 AM

Not sure if this got solved, but I was able to get it formatted using the following:

| inputlookup sc_vuln_data_lookup
| eval first_found = strftime(first_found, "%c")
| eval last_found = strfrtime(last_found, "%c")
0 Karma
Reply

nkeuning
Communicator
‎09-17-2019 10:35 PM

There are a couple different ways you could do this.
- You could update your splunk search to convert these in real-time.
- You could customize the saved search to convert the timestamp from epoch to string prior to storing it in the lookup table. NOTE: T.sc and T.io provide different timestamp formats or the same values, so if you are using both you will need to take that into consideration with this option.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...