Archive
Highlighted

Convert log time (epoch) to readable Date and time

Communicator

I have this on my log including epoch time, how I can convert the time next to msg to readable time.

"rank=msg(1489546552.151:69280424)"

Tags (1)
0 Karma
Highlighted

Re: Convert log time (epoch) to readable Date and time

SplunkTrust
SplunkTrust
 ...|rex field=rank "msg\((?<epoch>\d+\.\d+)" 
 | convert ctime(epoch) 
 | table epoch

View solution in original post

Highlighted

Re: Convert log time (epoch) to readable Date and time

Communicator

thanks ,that works as expected.

0 Karma
Highlighted

Re: Convert log time (epoch) to readable Date and time

Esteemed Legend

Like this:

The setup:

| makeresults | eval rank="msg(1489546552.151:69280424)" 

The solution:

| rex field=rank "msg\((?<epoch>\d+\.\d+)"
| fieldformat epoch=strftime(epoch, "%m/%d/%Y %H:%M:%S")
0 Karma