Splunk Search

How to convert epoch time to human readable format in search query?

ziyod2005
Explorer

Could someone please help me convert epoch time to human readable time?

"time":1407361408100

This is what I'm trying to get: "time":"Wed, 06 Aug 2014 21:43:28"

1 Solution

strive
Influencer

Try this:

sourcetype=test | eval c_time=strftime(log_time,"%m/%d/%y %H:%M:%S") | table _time, c_time

The function strftime(X,Y) takes an epoch time value, X, as the first argument and renders it as a string using the format specified by Y.

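Added example, not part of the original thread or of Splunk's own material: the 13-digit value in the question is epoch milliseconds, while strftime works on epoch seconds, so this search scales the value before formatting it in the layout the question asks for. The makeresults row and the field names is_millis, epoch_seconds and c_time_ms are constructed for illustration, and the magnitude check assumes any value above 99999999999 is milliseconds.

```spl
| makeresults
| eval log_time=1407361408100
| eval is_millis=if(log_time > 99999999999, "yes", "no")
| eval epoch_seconds=if(is_millis="yes", log_time/1000, log_time)
| eval c_time=strftime(epoch_seconds, "%a, %d %b %Y %H:%M:%S")
| eval c_time_ms=strftime(epoch_seconds, "%Y-%m-%d %H:%M:%S.%3N")
| table log_time, is_millis, epoch_seconds, c_time, c_time_ms
```

strftime renders in the time zone of the user running the search, so c_time matches the "Wed, 06 Aug 2014 21:43:28" target from the question only when that time zone is UTC.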

Supriya
Path Finder

Hi,

I'm looking for an answer to the question you posted.

Did you find an answer for this?

0 Karma

ziyod2005
Explorer

I'm trying to convert 1407361408100 to some human readable format.

I've tried to use the convert function but am not getting the correct result:
sourcetype=test | convert timeformat=" %m/%d/%y %H:%M:%S" ctime(log_time) AS c_time | table _time, c_time

0 Karma

somesoni2
Revered Legend

Where are you trying to convert this?
