Solved: How to convert epoch timestamp to readable date fo...

tattoostreet · ‎07-15-2014

Hi,

I am browsing information on one of our ticketing server databases, however, when I try to show table contents, it shows a weird format of date like the one below. Can anyone help how I can fix this? Thanks!

SystemLogID: 1713

CreatedDate: 1405343596.040

UserID: XX

Actions: XX

IsActive: XX

TicketID: XXXX

martin_mueller · ‎07-15-2014

That's an epoch timestamp, seconds.milliseconds since 1970. You can convert that to a readable format by appending this to your search:

... | fieldformat CreatedDate = strftime(CreatedDate, "%F %T.%3N")

View solution in original post

martin_mueller · ‎07-15-2014

That's an epoch timestamp, seconds.milliseconds since 1970. You can convert that to a readable format by appending this to your search:

... | fieldformat CreatedDate = strftime(CreatedDate, "%F %T.%3N")

sunnyparmar · ‎06-02-2015

Thanks.. It's work in my case..

bluemarvel · ‎08-04-2016

works thank you

brigancc · ‎12-08-2015

My Epoch timestamp was something like this

StartTime=1449559286189
EndTime=1449577678580

So dividing it by 1000 did the trick

eval StartTime=StartTime/1000, EndTime=EndTime/1000 | fieldformat StartTime=strftime(StartTime, "%F %T.%3N") | fieldformat EndTime=strftime(EndTime, "%F %T.%3N")

muralianup · ‎12-02-2015

Or you can create a macro as well.

How to convert epoch timestamp to readable date format?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation