Splunk SOAR (f.k.a. Phantom)

How to convert to date time from Epoch?

JoshiSri
Explorer

I have a field named start_time on an artifact, and trying to send a mail to a team. But if I just choose the API name, it send the epoch time. It needs to be in the Readable format. Any child playbook or custom function for it please

Labels (1)
0 Karma
1 Solution

JoshiSri
Explorer

I had taken a look at it and it wont work the way it should, Instead I created a new custom code only one to convert the date format. Thanks Anyways

View solution in original post

0 Karma

phanTom
SplunkTrust
SplunkTrust

@JoshiSri there is a datetime_modify community custom function that may help:

phanTom_0-1681200755408.png


-- If this helped please mark as a solution! Happy SOARing!

0 Karma

JoshiSri
Explorer

I had taken a look at it and it wont work the way it should, Instead I created a new custom code only one to convert the date format. Thanks Anyways

0 Karma

prasanthkota
Engager

Hello Joshi,

 

We are having a similar issue. Is it possible to share the custom code?

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Use the strftime() function to convert an epoch time to a readable format.

strftime 

PickleRick
SplunkTrust
SplunkTrust

It's a Splunk SOAR (formerly Phantom) forum. I'm pretty sure SPL commands and functions don't work there 😉

 

Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...