time
Subcommands
| Subcommand | Description | Syntax |
|---|---|---|
| now | Returns the current date and time | now() |
| strftime | Formats a timestamp into a string | strftime(<expr>, <expr>) |
| strptime | Attempts to parse a string into a timestamp | strptime(<expr>, <expr>) |
Examples
now
Returns the current date and time as a timestamp:
| eval ts=now()
strftime
For a field timestamp containing the epoch seconds value 1704067200, this example formats it as the year, 2024:
| eval formatted=strftime(timestamp, "%Y")
strptime
For the string "2024-01-01T00:00:00Z", this example parses it into a timestamp using the ISO 8601 format:
| eval parsed=strptime("2024-01-01T00:00:00Z", "%+")