Posted
Occasionally our users come across UNIX Epoch time, the representation of time as the number of seconds elapsed since January 1st, 1970. The representation was not meant to be human-readable and often users must convert the time to something more human consumable. For example, the UNIX Epoch timestamp
1445400000
will be converted into a representation of Year, Month, Day, Hour, Minute, Second
2015.10.21 04:00:00
(Geek points if you recognize the significance of the date above – answer below)
One of our users was feeling the pain of one-off lookups to convert timestamps in AIX operating system logs. So a couple weekends ago I wrote a Polarity integration to automatically overlay the human-readable timestamp anytime the UNIX Epoch version is on their screen.
Six lines with one regular expression to tell Polarity what to recognize:
One line to convert to a human-readable version of the date.
Here is a video of Polarity in action displaying the converted human-readable times in AIX last login logs. As an analyst sometimes you just need to check something quick and you are not going to go through the trouble of ingesting or parsing a whole log.
In case you were wondering the significance of that date above: