Abstract
Learn more about the Cortex Query Language timestamp_seconds()
function.
Syntax
timestamp_seconds (<integer>)
Description
The timestamp_seconds()
function converts an epoch time Integer value in seconds to a TIMESTAMP compatible value.
Note
Endpoint Detection and Response (EDR) columns store epoch milliseconds values so this function is more useful for values that you insert.
Example
Display a human-readable timestamp for the action_file_access_time
field.
alter access_timestamp = timestamp_seconds(1611882205) | limit 1