Save Time By Recognizing Machine Time

Occasionally our users come across UNIX Epoch time, the representation of time as the number of seconds elapsed since January 1st, 1970. The representation was not meant to be human-readable, so users often have to convert it into something easier to read. For example, the UNIX Epoch timestamp

1445400000

converts to a Year, Month, Day, Hour, Minute, Second representation:

2015.10.21 04:00:00

(Geek points if you recognize the significance of the date above – answer below)

One of our users was feeling the pain of one-off lookups to convert timestamps in AIX operating system logs. So a couple of weekends ago I wrote a Polarity integration to automatically overlay the human-readable timestamp any time the UNIX Epoch version is on their screen.

Six lines with one regular expression to tell Polarity what to recognize:

One line to convert to a human-readable version of the date.
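The same two steps, recognize and convert, as stand-alone JavaScript. This is an added example, not the integration's code and not Polarity's API; the function names, the plausibility window and the sample stanza are assumptions made for illustration.

```javascript
// Added example, not Polarity integration code. All names are hypothetical.

// A ten-digit run that is not part of a longer number or a decimal, so
// 13-digit millisecond timestamps and long IDs are not half-matched.
const EPOCH_RE = /(?<![\d.])\d{10}(?![\d.])/g;

// Plausibility window (assumption): 2001-09-09 through 2100-01-01 UTC.
const MIN_EPOCH = 1000000000;
const MAX_EPOCH = 4102444800;

// Seconds since the epoch -> "YYYY.MM.DD HH:MM:SS", always in UTC.
function epochToUtc(seconds) {
  return new Date(seconds * 1000)
    .toISOString()          // e.g. 2015-10-21T04:00:00.000Z
    .slice(0, 19)
    .replace('T', ' ')
    .replace(/-/g, '.');
}

// Return every plausible epoch timestamp in the text with its offset.
function findEpochs(text) {
  const hits = [];
  for (const m of text.matchAll(EPOCH_RE)) {
    const seconds = Number(m[0]);
    if (seconds < MIN_EPOCH || seconds > MAX_EPOCH) continue;
    hits.push({ raw: m[0], index: m.index, utc: epochToUtc(seconds) });
  }
  return hits;
}

// Append the readable form after each match, keeping the original value
// so the log line can still be searched for the raw timestamp.
function annotate(text) {
  return text.replace(EPOCH_RE, (raw) => {
    const seconds = Number(raw);
    if (seconds < MIN_EPOCH || seconds > MAX_EPOCH) return raw;
    return `${raw} [${epochToUtc(seconds)} UTC]`;
  });
}

// Constructed sample in the style of an AIX /etc/security/lastlog stanza.
const SAMPLE = [
  'root:',
  '        time_last_login = 1445400000',
  '        tty_last_login = /dev/pts/0',
  '        request_id = 1445400000123',
].join('\n');

console.log(annotate(SAMPLE));
```

The output is UTC; when correlating with events recorded in local time, apply the host's offset before comparing.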

Here is a video of Polarity in action displaying the converted human-readable times in AIX last login logs. As an analyst, sometimes you just need to check something quickly and you are not going to go through the trouble of ingesting or parsing a whole log.

In case you were wondering about the significance of that date above:

About the Author

Polarity

Polarity fuses knowledge and data together into one unified view, enabling immediate information delivery, automating knowledge transfer across teams, and allowing leaders to understand which of their data sources deliver value. Polarity revolutionizes how teams work, what they spend their time doing (completing tasks, not searching for context), and how informed their day to day decisions are.