The most recent event received from host "x" is what I need to retrieve a time stamp from and post it in a panel. What could be the reason behind this? See below fo. 2/7/18 3:35:10. could I display the epoch time in a differet column? index=EventEndpoint | eval date=strftime(date,"%c") And index=EventEndpoint | eval epoch1=_timeCOVID-19 Response SplunkBase Developers Documentation. I can't write condition _time<30d@d - that is the reason. COVID-19 Response SplunkBase Developers Documentation. It will emit HH:MM:SS or DD+HH:MM:SS if over a day. 1. When you use _time in a search, Splunk assumes you want to see a human-readable time value, instead of an epoch time number of seconds. Using %s to parse the epoch time ( in miliseconds) gives a gibberish date. I'm trying to change the "apiStartTime" which is in the following format 'Sat Mar 5 00:00:00 2016' including the apostrophes to an epoch time so I can perform some date calculations. This is why I am trying to convert it before it is indexed. However, in using this query the output reflects a time format that is in EPOC format. Options. However, in this case the format is not valid: $ date -d"08 18 2016 09:18:25" "+%s" date: invalid date ‘08 18 2016 09:18:25’. . 7 Python 2. In my splunk search for getting the date of Nessus plugins feed version used in a scan I get the number returned in the orginal format used of year-month-date-time (for example November 7th 2023 at 1200 would display as 202311071200) that I would like to convert into a readable format that I can then manipluate in splunk such as if i want to get the. Use this scalar function with the eval or the filter streaming functions. Hello All, I am trying to find the difference between first time and last time in epoch time. I have a file that I am monitoring has time in epoch format milliseconds . In general what you want to do is take the separate fields, combine them into one field, and then use a conversion function to parse the represented time into epoch format and store that as _time. It's seconds, counting upward from January 1st, 1970. Considering converting from epoch is one of the most common Splunk questions of all time, considering this page has 46k views, and considering that each and every answer is entirely incorrect (and the actual question itself is misleading) this page is desperately in need of removal. ; If this is supposed to be the _time field, then make sure to update the. Converts an epoch/unix timestamp into a human readable date. sourcetype=syslog | convert mstime (_time) AS ms_time | table _time, ms_time. The rt field is a epoch computer time format. Hi @djoobbani,. For data already indexed, you can use Eval's strptime OR the convert command to switch this to epoch. The current time now () is already epoch so you just need to convert (at least during calculation of different) createdate field to epoch. ---Most of my log sources reports in 12 character Epoch time but I do have a few that reports in 18 character epoch time. News & Education. Usage of Splunk commands : CONVERT is as follows: This command converts the field values to numerical values. 000000 Hours minutes seconds: 2607:25:17. 0. Can anyone lend a hand? Thanks! How to convert epoch to local time? subtrakt. One way to determine the time difference between two time zones is to take any date and treat is as a UTC time stamp and as an EST one and subtract their corresponding epoch times. 0. 01-09-2014 07:28 AM. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. However, in using this query the output reflects a time format that is in EPOC format. Using the convert function or the strftime eval function provides you with the option to "name your format". 2/7/18 3:35:10. conf to convert these all to the timestamp for the events? An example of the first couple fields in the event are: rec_type=500 rec_type_simple="FILELOG EVENT" event_sec=1453991513. Use the strftime () function to convert an epoch time to a readable format. This is reviving a very old thread, but I will still post this in case someone else needs it. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. strptime() will convert strings to epoch times| eval _time=strptime(time,"%a, %d %b %Y %H:%M:%S %Z")Splunk Search: Convert Millseconds to Epoch Time; Options. I'd like to convert it to a standard month/day/year format. If you want to see the actual epoch time value, you can use eval to create an epoch time representation instead: | eval time_epoch = strftime (_time, "%s") As @mdsnmss suggested, you could also do. The base for excel date time is 1/1/1900 and for epoch is 1/1/1970, the 25569 is the adjustment of dates (for 70 years). BrowseSolution. The second half converts the epoch back into a string, which COVID-19 Response SplunkBase Developers DocumentationUsing Splunk: Splunk Search: How to convert epoch time to HH:MM:SS AFTER using. The Splunk Universal Forwarder may assign different sourcetype values for logs from the same source. UNIX time is the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC), 1 January 1970. This timestamp, which is the time when the event occurred, is saved in UNIX time. Is it possible to convert the "rt" field to a user-friendly format? I searched through some of the other questions but none really addressed this specific question. Try this to verify that it extracts the value correctly: Look for a new field called 'uploadTime' and verify that it has the correct value. Subscribe to RSS Feed; Mark Topic as New; Mark Topic as Read; Float this Topic for Current User;This field is generated via the Splunk logging library, as I explained in my first entry here. 0 coins. Description. I'm trying to change the "apiStartTime" which is in the following format 'Sat Mar 5 00:00:00 2016' including the apostrophes to an epoch time so I can perform some date calculations. This timestamp, which is the time when the event occurred, is saved in UNIX time. SplunkTrust. 09-21-2017 04:57 PM. So. . Apps and Add-ons. . Splunk’s relative_time function takes in a value of start time and duration and returns a relative time value of time in epoch. datetime. 3, many of the form inputs can be extended to set / unset / eval tokens based on other tokens or their new values. Use time modifiers to customize the time range of a search or change the format of the timestamps in the search results. . I'm trying to change the "apiStartTime" which is in the following format 'Sat Mar 5 00:00:00 2016' including the apostrophes to an epoch time so I can perform some date calculations. I have a time in the format of: Dec 23, 2015 11:45:26 BRST I'm trying to convert this to epoch time and later to a simple date format COVID-19 Response SplunkBase Developers Documentation BrowseI want to get the result of large epoch time to hours minutes and seconds. Please keep in mind that the result will be changed tomorrow because the string is assuming date. eval COVID-19 Response SplunkBase Developers DocumentationPS: Use eval tag to convert String time to Epoch using strptime() 3) Use tokens tokEarliest and tokLatest in your other searches in the dashboard which are epoch time. 1 Karma Reply. Ex: index=bar sourcetype=foo earliest=1350538170 latest=1350538870 | more search commands. Hi Folks, I am been trying to display latest time results. Subscribe to RSS Feed; Mark Topic as New; Mark Topic as Read; Float this Topic for Current User;. Try: |eval startTime=strptime('apiStartTime',Hi, I wonder whether someone may be able to help me please. g. I wish to work out the difference of these two times and then create an average of all the results - essentially this -> Average (Acknowledge_Date-Date_Created) Search. 2. 0 I have tried the following:Convert Index time RASHO. BrowseI believe this is because it needs to be in epoch time to make the calculation. Builder 03-26-2020 09:26 AM. How to convert epoch time with milliseconds into splunk at indexing time vrmandadi. Read more about strptime(). I know about the workaround of timestamp'1970-01-01 00:00:00' + ( "<my_field>" /86400 ) as eventTime, but preferably I do not ingest an extra field if. This has converted the times. . Usage The now () function is often used with other data and time functions. View solution in. getTime ()/1000) (or see stack overflow for dozens of variations) 01-05-2016 03:45 AM. How do you expect the conversion to epoch to work then? Guessing? If you have sufficient data and a known starting point you could extrapolate AM/PM over a stream of events based on the rollover from 11 to 12, flipping the A/P every time -. GMT (Greenwich Mean Time) is sometimes confused with UTC (Coordinated Universal Time). Thanks. How to convert epoch timestamp to readable date format?. (Assuming your date format is in that type of time stamp). All other brand names, product names, or trademarks belong to their respective owners. 89 mktime – Convert human readable time format epoch time format. I have a file that I am monitoring has time in epoch format milliseconds . If “x. . Browse^^^^Saves the newly filled in Epoch time blanks back into the lookup file. Kindly help | fields Day DOW "Call Volume" "Avg. I am trying to convert a timestamp, StartTime (current format: 2014-05-09T19:11:52. index=EventEndpoint | eval date=_time | table date _time will show you the time in both epoch and human readable time. How to convert large epoch time to hours minutes and seconds ?. . g. | eval Ingestion_Time_Logged=strftime( The epoch to convert is determined by a case statement. So I've been looking at the Splunk documentation here and. When we call a field into the eval command, we either create or manipulate that field for example: |eval x = 2. As a result, and based on other Splunk Answers posts, I tried to catch these options with logical statements (if, case), but those. 0. The first half of your SPL correctly converts an apiStartTime string into epoch form. I also don't want to start new search for just parsing timestamps (it has to be fast). When you use _time in a search, Splunk assumes you want to see a human-readable time value, instead of an epoch time number of seconds. You can use any UNIX time converter to convert the UNIX time to either GMT or your local time. Divide the time difference in epoch between 86400 and round it. hence replying link again. Solved! Jump to solution. Solution. It is not showing any value in the human readable time column. : the difference should tell me x amount days or hours. Mark as New; Bookmark Message; Subscribe to Message; Mute Message;. 3 ) with automatic timestamp recognition parses the timestamp ( epoch in milliseconds), but there is no strptime equivalent for that so I cant specify custom timestamp extraction. Thank you. COVID-19 Response SplunkBase Developers Documentation. Convert a string in ISO 8601 to local time zone (accounting for DST) 01-13-2020 12:51 PM. 430000 instead of the correct. Used in calculating the day of the year. Unfortunately, Splunk is not recognising the date when it gets indexed, so the "_time" field is when the data was indexed. if it's another time field you are working with, you need to make sure you convert your time into epoch time before extracting the month, like you are doing in the second example. 11-29-2019 09:30 AM. I have this on my log including epoch time, how I can convert the time next to msg to readable time. getTime ()/1000) (or see stack overflow for dozens of variations) 01-05-2016 03:45 AM. Hi @Mus, thank you once more for taking the time to help me. Too early on a Monday. It should also be pointed out (thanks to. | eval newdatefield = strftimeCOVID-19 Response SplunkBase Developers Documentation. Aug 8, 2019 at 23:48. 1. 04-07-2023 12:56 PM. Splunk Administration. What's the best way to convert it to the day of week? For example if I had a field called ODATE=2015-01-27 then I'd want a field called ODAY_OF_WEEK=Tuesday. If it is string time stamp i. It uses the timezone of the logged in user instead of the server local time. Convert Zulu time to epoch landzaat. 151:69280424)" Tags (1) Tags: splunk-enterprise. This works for me: | eval time = strftime(time, "%c")The answer lies in the difference between convert and eval, rather than between mktime () and strptime (). The general workflow for creating a CSV lookup in Splunk Web is to upload a file, share the lookup table file, and then create the lookup definition from the lookup table file. xxx. Description. Splunk does not have a function for converting time zones. Any help is appreciated. For example, if you create a field call time, convert user selection to epoch using <change> event/drilldown for time. Therefore, the unix time stamp is merely the number of seconds between a particular date and the Unix Epoch. 03-02-2016 10:59 AM. I'm running the below query to find out when was the last time an index checked in. the field Time contains string time value as per your given example, then you need to first convert the same to epoch time using strptime () and then use. The. Stack Overflow. Use time modifiers to customize the time range of a search or change the format of the timestamps in the search results. I'd like to convert it to a standard month/day/year format. BrowseWhen using time. Awesome. BrowseHi Experts! , Wondered if there was a way of doing this. After this you divide the result by 3600 which is an hour in seconds. I know that splunk reads the epoch time and converts it to human readable format under the _time field but I want to transform the raw events to have human readable format. COVID-19 Response SplunkBase Developers Documentation. US Pacific Daylight Time, the timezone where Splunk Headquarters is located. For more information about how the Splunk software determines a time zone and the tz database,. timestamp() print(ts) Output: 1575158400. Browse . Splunk Answers. e. To convert the epoch seconds value you can display an additional field with the timestamp(in the format you wish. The general workflow for creating a CSV lookup in Splunk Web is to upload a file, share the lookup table file, and then create the lookup definition from the lookup table file. Ex: Epoch time : 9386717. I want to use props. Any epoch time can be used. Delta will compute the difference between nearby results using the value of a specific numeric field. For example, the relative time 2 hours from a start time of 2:00 PM would be 12:00 PM. F. The statement "The date&time functions which work only on _time" is incorrect. Solution. If the indexer runs on a different timezone from the source machines, e. As i couldn't able to work with 13 Digits and when i changed form 13 Digits to 10 Digits it worked out well for me. Splunk ® Cloud Services SPL2 Search Manual Timestamps and time ranges Download topic as PDF Timestamps and time ranges Most events contain a timestamp. You can use any UNIX time converter to convert the UNIX time to either GMT or your local. 2. conversion from Epoch Time to string time. Splunk Data Stream Processor. _time is always stored in the Splunk indexes as an epoch time value. 12-02-2015 07:09 PM. The epoch time is reflecting in the events,I am extracting using regex in the search and after that trying to convert the epoch time and use it in the search. 1) The question doesn't actually provide a. In Splunk, create a new TCP Data Input port for each log source type to beCOVID-19 Response SplunkBase Developers Documentation. One way would be to make use of the strptime ()/strftime () functions of eval, which will let you convert time from strings, e. Monday is the first day of the week. @mdsnmss I have tried both but cant seem to change the field. . Community; Community; Splunk Answers. Hi How to convert the time format "2016-12-07T09:33:33. So this answer looks at the new value of the timepicker whenever it changes, and. floor ( (new Date). I have a file that I am monitoring has time in epoch format milliseconds . Solved: Hi All, I want to convert the following into Epoch time ,but it is not getting resolved. I have a timestamp in the format "19-06-2015 07:00:00 Europe/London". Considering converting from epoch is one of the most common Splunk questions of all time, considering this page has 46k views, and considering that each and every answer is entirely incorrect (and the actual question itself is misleading) this page is desperately in need of removal. Convert Date to Day of Week. I have events that are coming in with no timestamp except for a field "event_sec" which gives me the time in epoch format. however when I extract it using strftime(), it shows the time in PST (my local time) whereas the original time showed in Splunk events (i. | eval first. tostring with the duration format will output the time as [days]+[hours]:[minutes]:[seconds] ie: 2+03:12:05. %T The time in 24-hour notation (%H:%M:%S). | tstats latest(_time) WHERE index=* BY indexI think Splunk strptime () is converting the timezone. Engager 12-20-2021 11:01 AM. When you use _time in a search, Splunk assumes you want to see a human-readable time value, instead of an epoch time number of seconds. You need, then, to massage the string a bit before passing it to. Assuming that your local PST time stamp field, myPSTtime had no time zone in it, and a date of "03/11/2017 13:21:17", you'd convert using a method like this run-anywhere code. Splunk Data Fabric Search. g. It also assumes that you want to see this human readable time value in the current time zone of the user account. conf to convert it to human readable. So the 2:44 (or 4:44) is not duration expressed as H:M or M:S, but rather the actual time. 33. time. Splunk stores times in UTC and then renders them in the user's selected zone. 07-30-2010 09:53 PM. I tried investigated on this issue and out come is seems like 13 Digits EPOCH time is not supported by Splunk only 10 Digits with EPOCH is supported by Splunk API. For the ones that report in 18 characters, Splunk thinks that these events are happening in the future. e _time) is in UTC. Which in this case comes out to January 1, 2016. Thank you. How to convert epoch time with milliseconds into splunk at indexing time vrmandadi. Deployment Architecture; Getting Data In; Installation;. Try any of strptime or convert command. 0 Karma Reply. Solution. The time shown is GMT and I need to use this field when using a dashboard to accurately show data. Short-hand to convert python date/datetime to Epoch (without microseconds) Use strptime to parse the time, and call time () on it to get the Unix timestamp. that worked great. I'm trying to get each users first logon of the day over a period of time. I am having a problem with my strptime in that it is not working. Sure. Use timeformat option to specify exact format to convert from. So I've been looking at the Splunk documentation here and. I'm pretty sure SPL commands and functions don't work there 😉. Since Splunk uses 32-bit epoch time, events after 2038 cannot be indexed. Don't use time formatting functions as they will take account of your time zone, but it's simple to do the. I can reproduce proper results with any date in 1971 or newer, but none in 1970. 1) The question doesn't actually provide a standard epoch time. 0 Karma Reply. e. and i want the difference epoch time to be in human readable . . I would like to have a HTML label above the chart that. _time is always stored in the Splunk indexes as an epoch time value. Solved! Jump to solution. The string you illustrated looks like some combination of 4-digit year followed by some representation of month, day, hour, etc. g. Contributor 12-08-2014 09:43 AM. bowesmana. New Member. conf23! This event is being held at the Venetian Hotel in Las. Splunk Administration; Deployment Architecturein the example, Splunk interprets the _time_AEST variable as seconds since epoch (1970-01-01 00:00:00 UTC), and so technically Splunk is interpreting this as a different 'real world' time -- if you attempt to print the timezone of the date, it will incorrectly report the users configured timezone. How to extract a value from fields when using stats() 0. 06-06-2017 09:20 AM. events:. The %f format is for microseconds. Is there a way to fix this so that Splunk understands the 18 characters? The source for the dashboard is the following:The problem is that you are setting earliest_time and latest_time - but Splunk does not know how to relate that to the _time field that you have defined in your lookup table. unable to convert time i guess. 04-07-2023 12:56 PM. This seemed to work well, until it stopped working (we upgraded to Splunk 8 from 7 and I think this is when it stopped working. %T How to convert time to epoch time? What the best approach for this one? Mon 07/23/2018 17:19:01. This will allow you control which field to use for time. Literally speaking the epoch is Unix time 0 (midnight 1/1/1970), but 'epoch' is often used as a synonym for Unix time. 2. Tags: epoch. _time is the epoch time or the number of seconds from Midnight January 1 1970 UTC. This number hit 1 million (1,000,000) in March of 1973, and will hit one billion (1,000,000,000) on Sun Sep 9 01:46:39 2001 UTC. You can convert String Time in your old format to Epoch Time in new format using strptime() and then convert to string time of your new format using strftime(). That shows the desired five but there might be a better way. The current version %s supports Epoch with 10 digits only. Converting UNIX timestamps into dates and times. Any help is appreciated. Convert NT Epoch Time with props. 1) Create a search dashboard with timerange as input. COVID-19 Response SplunkBase Developers Documentation. By default, it will convert it to local time. what i have so far which let converts it in a readable format. The strptime function doesn't work with timestamps that consist of only a month and year. I have a logs where time stores under a custom field (Patch_date) and i want to display latest time result. conf to convert these all to the timestamp for the events? An example of the first couple fields in the event are: rec_type=500 rec_type_simple="FILELOG EVENT" event_sec=1453991513. Monitoring Splunk; Using Splunk; Splunk Search; Reporting; Alerting; Dashboards & Visualizations; Splunk Development; Building for the Splunk Platform; Splunk Platform Products; Splunk Enterprise; Splunk Cloud Platform; Splunk Data Stream Processor; Splunk Data Fabric Search; Splunk Premium Solutions; Security Premium. 040875200Z" to epoch time for calculating difference and then to readable format?How would I convert from Unix Epoch time store as an INT to something that Splunk will recognise as DATETIME? Normally, in SQL I would use DATEADD();. Solved: How to convert the date and time in the below format to epoch time? 201303140216 yyyymmddHHMM here hour and minute is in 12 hours clock, so. All you would need is | eval epoch1=_timeUsing Splunk: Splunk Search: How to convert time format 0:00:00:00 into a strin. I have unix time format on my log and wants to convert to human readable, the method using for epoch time didn't work for me. Solved: I have a conversion set up to change the epoch time | convert ctime(_time) as date time . Yes 13 Digits is not supported by Splunk only 10 Digits with EPOCH is supported by Splunk API. g. %X The time in the. Subscribe to RSS Feed; Mark Topic as New;. Hi, I wonder whether someone could help me please. I tried different ways. Eval-based commands irrevocably alter the field's data while convert is more of a "visual gloss" in that the field retains the original data and only the view/UI shows the converted value. 3365196938 [INFO user login to the system with valid account [xxx. Thanks Anyways SplunkBase Developers DocumentationUsing Splunk: Splunk Search: Convert log time (epoch) to readable Date and time; Options. 0 Regards ShraddhaHi I have a timestamp field with values as below "2016-08-25T13:30:36. When reporting, it will then display and normalize times to the time zone of the Splunk server. One is not limited to using now() in relative_time. 405Z into a Splunk time format so I can get time windows to use in streamstats. Epoch & Unix Timestamp Converter. Kindly help| fields Day DOW "Call Volume" "Avg. BrowseDashboards & Visualizations. When you use _time in a search, Splunk assumes you want to see a human-readable time value, instead of an epoch time number of seconds. This works perfectly. Next, we need to copy the time value you want to use into the _time field. For more information about working with dates and time, see. mstime () Syntax: mstime (<wc-field>) Description: Convert a [MM:]SS. Your help will be greatly appreaciated. The timestamp is the number of 100-nanoseconds intervals (1 nanosecond = one billionth of a second) since. Hi All, I am experiencing somewhat weird results when converting time to epoch in our Splunk environment. So use strptime to convert to epoch time this first:. Is there a better java time variable to convert "0" in epoch into 0. 040875200Z" to epoch time for calculating difference and then to readable. 02-12-2020 11:41 PM. I would like to take a large epoch time (8492963) and convert it into Days:Hours:Minutes:Seconds (for example 98:07:09:23). Friday, April 13, 2020 11:45:30 AM GMT -07:00. First, there seems to be a typo in the time format for strftime, instead of %M, its just M. E. The strptime function doesn't work with timestamps that consist of only a month and year. 690" to a date in splunk. 04-19-2023 03:06 AM. As i couldn't able to work with 13 Digits and when i. I want to convert them to human readable format for some arbitrary timezone other than UTC. From the search line I can easily leverage the strftime command to get the. Once that works, then this should do the math to convert _time to milliseconds, add the uploadTime, and convert the total time. _time is always in Unix epoch time. Splunk Employee. COVID-19 Response SplunkBase. The time returned by the now () function is represented in UNIX time, or in seconds since Epoch time. BrowseAnytime! :) COVID-19 Response SplunkBase Developers DocumentationSolved: I struggle with converting a time stamp into a date. D. That is, we're converting a epoch time into a string. Although the above search would only work if your time field is in Epoch time format, the handy thing about it Epoch time is that when sorting after using the fieldformat function, the time is only presented to the user in human readable format. Few examples below 7/24/2020 9:45:47 AM +05:30 7/23/2020 6:29:45 AM -05:00 7/24/2020 11:21:31 AM +07:00 7/24/2020 4:21:29 AM +00:00 I would like to find the differe. With daylight saving, CET is two hours ahead of UTC. Splunk Search: Re: Convert this time format to epoch; Options. I wish to work out the difference of these two times and then create an average of all the results - essentially this -> Average (Acknowledge_Date-Date_Created) Search. To convert time strings from one format to another you must strptime() convert to epoch form and then use strftime(). Since your data is already indexed with the timestring in epoch seconds the easiest way to convert it would be to use the IFX field picker. Options. The timestamps must include a day. strptime(), the returned time. Thanks Anyways. . . . It is date time information in epoch time in seconds. So I have two date fields - Date_Created & Acknowledge_Date both in the format YYYY-MM-DD HH:MM:SS. COVID-19 Response SplunkBase Developers Documentation. For more information about how the Splunk software determines a time zone and the tz database,. It's a Splunk SOAR (formerly Phantom) forum. Using Splunk: Splunk Search: How to convert time to strptime? Options. COVID-19 Response SplunkBase Developers Documentation. Solved: I want to get the result of large epoch time to hours minutes and seconds. This function takes a time represented by a string and parses the time into a UNIX timestamp format. 05-13-2014 11:58 AM. In most cases, this won't matter but might be. 737" "2016-08-25T11:05:32. I'm running the below query to find out when was the last time an index checked in. UNIX time is the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC), 1 January 1970. In my index, I have a field that has been extracted for a "last checkin time". 1) The question doesn't actually provide a. . . If “x” was not an already listed field in our data, then I have now created a new field and have given that field the value of 2. ) Let's call this table timezone. What is the splunk query to convert java date format to yyyy-MM-dd. 2013-05-03 12:23:34 to epoch (which is the time expressed as the number of seconds since midnight Jan 1, 1970). Training & Certification Blog. Never thought strings could be not what they look like. If you want to do it in JS use something like var epoch = Math. How can I convert these timestamps to some specific output format, e. 040875200Z" to epoch time for calculating difference and then to readable format? I have a log event like this: Timestamp: 1477292160453180 537 The number 1477292160453180 is the number of microseconds since the Epoch: 1970-01-01 00:00:00 +0000 (UTC). "h") as it will convert offset to a 4 digit TZ offset (in my case +1100) and append h, so will do a relative_time addition of 1100 hours to my time, whereas it should be +11h. Use time modifiers to customize the time range of a search or change the format of the timestamps in the search results.