Re: convert First discovered date to human readabl...

leonaheidern · ‎09-17-2019

Hi all I am using the default saved search in tenable app for splunk and the first discovered date is in 1568779472 .

How do I convert this value into a human readable date such as 2019/SEP/18

leonaheidern · ‎09-17-2019

I am using Tenable.sc . Thanks at least now I know what the source time format is in so I can try updating the search

I am having an issue converting the date time format as the first_found and last_found dates are in the drilldown part of the query

I have tried editing the Source XML with
| eval first_found= strfptime(first_found ,"%25Y-%25m-%25dT%25H:%25M:%25S") | eval last_found= strfptime(last_found ,"%25Y-%25m-%25dT%25H:%25M:%25S")

However when I do this the dashboard becomes unclickable.

TheChrisSard · ‎11-23-2023

Not sure if this got solved, but I was able to get it formatted using the following:

| inputlookup sc_vuln_data_lookup
| eval first_found = strftime(first_found, "%c")
| eval last_found = strfrtime(last_found, "%c")

nkeuning · ‎09-17-2019

There are a couple different ways you could do this.
- You could update your splunk search to convert these in real-time.
- You could customize the saved search to convert the timestamp from epoch to string prior to storing it in the lookup table. NOTE: T.sc and T.io provide different timestamp formats or the same values, so if you are using both you will need to take that into consideration with this option.

convert First discovered date to human readable date format

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor