to_timestamp - Reference Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM XQL Language Reference

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-04-16
Category: Reference Guide
Abstract

Learn more about the Cortex Query Language to_timestamp() function that converts an integer to a timestamp.

Syntax

to_timestamp (<integer>, <units>)

Description

The to_timestamp() function converts an integer to a timestamp. This function requires a units value, which indicates whether the integer represents seconds, milliseconds, or microseconds since the Unix epoch. Supported values are:

  • SECONDS

  • MILLIS

  • MICROS

Example

dataset = xdr_data 
| filter story_publish_timestamp != null 
| alter ts = to_timestamp(story_publish_timestamp, "MILLIS") 
| fields ts
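
The units argument decides how the integer is read, and a mismatch does not fail: it produces a timestamp far from the real event time. The following Python model of the conversion is an added example, not XQL and not Palo Alto Networks code; it shows that failure mode and a range check that finds which of the three units values fits a raw integer. The sample values are constructed, and the UTC interpretation and the 2000 to 2100 plausibility window are assumptions.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Microseconds per unit, for the three units values the page lists.
MICROS_PER_UNIT = {"SECONDS": 1_000_000, "MILLIS": 1_000, "MICROS": 1}

# Assumed plausibility window for event times (not from the page).
EARLIEST = datetime(2000, 1, 1, tzinfo=timezone.utc)
LATEST = datetime(2100, 1, 1, tzinfo=timezone.utc)


def to_timestamp(value: int, units: str) -> datetime:
    """Model of the conversion: `value` units since the Unix epoch, as UTC."""
    if units not in MICROS_PER_UNIT:
        raise ValueError(f"unsupported units: {units!r}")
    return EPOCH + timedelta(microseconds=value * MICROS_PER_UNIT[units])


def plausible_units(value: int, earliest=EARLIEST, latest=LATEST) -> list:
    """Return the units values under which `value` lands inside the window."""
    hits = []
    for units in MICROS_PER_UNIT:
        try:
            ts = to_timestamp(value, units)
        except OverflowError:
            # Interpreted in too coarse a unit, the value lands past year 9999.
            continue
        if earliest <= ts <= latest:
            hits.append(units)
    return hits


if __name__ == "__main__":
    millis = 1713225600000   # constructed sample: 2024-04-16 00:00:00 UTC in ms
    seconds = 1713225600     # the same instant in seconds

    print(to_timestamp(millis, "MILLIS"))    # correct units
    print(to_timestamp(seconds, "MILLIS"))   # wrong units: lands in January 1970
    for raw in (seconds, millis, millis * 1000):
        print(raw, plausible_units(raw))
```

A field whose converted values cluster in January 1970 is the usual sign that seconds were passed with "MILLIS" or "MICROS"; time-window filters on such a field silently match nothing.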