Splunk SOAR

How to convert to date time from Epoch?

JoshiSri
Explorer

I have a field named start_time on an artifact, and trying to send a mail to a team. But if I just choose the API name, it send the epoch time. It needs to be in the Readable format. Any child playbook or custom function for it please

Labels (1)
0 Karma
1 Solution

JoshiSri
Explorer

I had taken a look at it and it wont work the way it should, Instead I created a new custom code only one to convert the date format. Thanks Anyways

View solution in original post

0 Karma

phanTom
SplunkTrust
SplunkTrust

@JoshiSri there is a datetime_modify community custom function that may help:

phanTom_0-1681200755408.png


-- If this helped please mark as a solution! Happy SOARing!

0 Karma

JoshiSri
Explorer

I had taken a look at it and it wont work the way it should, Instead I created a new custom code only one to convert the date format. Thanks Anyways

0 Karma

prasanthkota
Engager

Hello Joshi,

 

We are having a similar issue. Is it possible to share the custom code?

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

Use the strftime() function to convert an epoch time to a readable format.

strftime 

PickleRick
SplunkTrust
SplunkTrust

It's a Splunk SOAR (formerly Phantom) forum. I'm pretty sure SPL commands and functions don't work there 😉

 

Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...