All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

convert First discovered date to human readable date format

leonaheidern
New Member
‎09-17-2019 10:29 PM

Hi all I am using the default saved search in tenable app for splunk and the first discovered date is in 1568779472 .

How do I convert this value into a human readable date such as 2019/SEP/18

Tags (1)
0 Karma
Reply

leonaheidern
New Member
‎09-17-2019 11:02 PM

I am using Tenable.sc . Thanks at least now I know what the source time format is in so I can try updating the search

I am having an issue converting the date time format as the first_found and last_found dates are in the drilldown part of the query

I have tried editing the Source XML with
| eval first_found= strfptime(first_found ,"%25Y-%25m-%25dT%25H:%25M:%25S") | eval last_found= strfptime(last_found ,"%25Y-%25m-%25dT%25H:%25M:%25S")

However when I do this the dashboard becomes unclickable.

0 Karma
Reply

TheChrisSard
Engager
‎11-23-2023 09:10 AM

Not sure if this got solved, but I was able to get it formatted using the following:

| inputlookup sc_vuln_data_lookup
| eval first_found = strftime(first_found, "%c")
| eval last_found = strfrtime(last_found, "%c")
0 Karma
Reply

nkeuning
Communicator
‎09-17-2019 10:35 PM

There are a couple different ways you could do this.
- You could update your splunk search to convert these in real-time.
- You could customize the saved search to convert the timestamp from epoch to string prior to storing it in the lookup table. NOTE: T.sc and T.io provide different timestamp formats or the same values, so if you are using both you will need to take that into consideration with this option.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...