How could I convert this GMT time to EDT?
index="wineventlog" host=opdc* Account_Name=*test_user EventCode=4624
| makemv Account_Name
| mvexpand Account_Name
| eval day=strftime(_time, "%d-%m-%y")
| join type=left src_ip
[ search index=ad source=addnsscan earliest=-12h@h latest=now
| rename data as src_ip, name as hostname
| fields src_ip, hostname]
| stats earliest(_time) AS earliest by Account_Name, src_ip, hostname, day
| eval earliest=strftime(earliest,"%d/%m/%Y %H.%M.%S %Z")
1 Solution
