Time Operations
now
Returns the current date and time in Unix Timestamp format.
In this example, the field res might have the value 1710752009.
... | eval res=now()
relative_time
Description: Takes a Unix timestamp and a relative offset parameter. Returns a new time in Unix Timestamp format.
Supported format: (+|-)<int>@(s|m|h|d|w|M)
- s — seconds
- m — minutes
- h — hours
- d — days
- w — weeks
- M — months
Default: seconds
In this example, res will have the value now() minus 1 day.
... | eval res=relative_time(now(), -1@d)
In this example, res will have the value now() plus 3600 seconds.
... | eval res=relative_time(now(), 3600)
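As an added illustration (not the product's own code), this Python function parses the offset grammar above and applies it to a Unix timestamp, which is useful for checking a search window before running a query. It reuses the documented function name only for readability; treating M as a UTC calendar month clamped to the last valid day is an assumption, since the page does not define month arithmetic.

```python
import calendar
import re
from datetime import datetime, timezone

# Grammar from the page: (+|-)<int>@(s|m|h|d|w|M); a bare integer means seconds.
# The unit is case-sensitive: "m" is minutes, "M" is months.
OFFSET_RE = re.compile(r"([+-]?)([0-9]+)(?:@([smhdwM]))?")
FIXED_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def relative_time(ts: int, offset: str) -> int:
    """Apply a relative offset to a Unix timestamp and return the new timestamp."""
    match = OFFSET_RE.fullmatch(offset.strip())
    if match is None:
        # Reject anything outside the grammar, e.g. "1@D" or "-@d"
        raise ValueError(f"unsupported offset: {offset!r}")
    sign, amount, unit = match.groups()
    count = -int(amount) if sign == "-" else int(amount)
    unit = unit or "s"  # documented default unit
    if unit != "M":
        return ts + count * FIXED_SECONDS[unit]
    # Assumption: "M" is a calendar month in UTC, clamped to the last valid day
    moment = datetime.fromtimestamp(ts, tz=timezone.utc)
    index = moment.year * 12 + (moment.month - 1) + count
    year, month = divmod(index, 12)
    month += 1
    day = min(moment.day, calendar.monthrange(year, month)[1])
    return int(moment.replace(year=year, month=month, day=day).timestamp())


if __name__ == "__main__":
    now = 1710752009  # sample value of now() taken from the page
    for spec in ("-1@d", "3600", "15@m", "-1@M"):
        print(spec, relative_time(now, spec))
```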
strftime
Description: Takes a Unix timestamp and a format string to return the formatted date/time.
The function uses Joda Time format. Details are in the documentation.
In this example, starttime will have the value 2018-3-19T13:55:03.
... | eval StartTimestamp=1521467703049000000, starttime=strftime(StartTimestamp/pow(10,9),"Y-M-d'T'H:mm:ss")
strptime
Description: Takes a date/time and a format string. Returns a UNIX timestamp.
The function uses Joda Time format. Details are in the documentation.
In this example, starttime will have the value 1589892240.
... | eval starttime=strptime("2020-05-19 12:44","Y-M-d HH:mm")
time
Description: Returns the current date and time in Unix Timestamp format.
Example:
... | eval res=time()