Solved: returns both time and date together

smolcj · ‎11-14-2012

Hi,
Using _time we will get the time of the event. so by using earliest(_time), time is produced as the result. is there any function to return both date and time. i.e. time stamp together.

thank you for your time

Ayn · ‎11-14-2012

Are you asking how to convert the _time value that you get in epoch format to something more humanly readable? In that case, use convert ctime(earliest(_time)) for that.

View solution in original post

Ayn · ‎11-14-2012

Are you asking how to convert the _time value that you get in epoch format to something more humanly readable? In that case, use convert ctime(earliest(_time)) for that.

smolcj · ‎11-14-2012

thanks AYN it worked well with ctime

..| convert ctime(_time) as time|stats earliest(time)

returns both time and date together

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation