Solved: How to convert epoch timestamp to readable date fo...

tattoostreet · ‎07-15-2014

Hi,

I am browsing information on one of our ticketing server databases, however, when I try to show table contents, it shows a weird format of date like the one below. Can anyone help how I can fix this? Thanks!

SystemLogID: 1713

CreatedDate: 1405343596.040

UserID: XX

Actions: XX

IsActive: XX

TicketID: XXXX

martin_mueller · ‎07-15-2014

That's an epoch timestamp, seconds.milliseconds since 1970. You can convert that to a readable format by appending this to your search:

... | fieldformat CreatedDate = strftime(CreatedDate, "%F %T.%3N")

View solution in original post

martin_mueller · ‎07-15-2014

That's an epoch timestamp, seconds.milliseconds since 1970. You can convert that to a readable format by appending this to your search:

... | fieldformat CreatedDate = strftime(CreatedDate, "%F %T.%3N")

sunnyparmar · ‎06-02-2015

Thanks.. It's work in my case..

bluemarvel · ‎08-04-2016

works thank you

brigancc · ‎12-08-2015

My Epoch timestamp was something like this

StartTime=1449559286189
EndTime=1449577678580

So dividing it by 1000 did the trick

eval StartTime=StartTime/1000, EndTime=EndTime/1000 | fieldformat StartTime=strftime(StartTime, "%F %T.%3N") | fieldformat EndTime=strftime(EndTime, "%F %T.%3N")

muralianup · ‎12-02-2015

Or you can create a macro as well.

How to convert epoch timestamp to readable date format?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies