Hi,
My folks from cybersecurity wishes to display the epoch time under Description to human readable time. I can't seem to find it. I tried the Incident Review Settings but to no avail.
The screenshot below points to the value which I would like to modify.
Thanks in advance!
The description field comes from the notable adaptive response action as part of creating correlation search https://docs.splunk.com/Documentation/ES/5.3.0/Tutorials/NewCorrelationSearch
So, if you want to display a human readable time, your search should have a field, say, daytime and you can display it using $daytime$ within the description.
The description field comes from the notable adaptive response action as part of creating correlation search https://docs.splunk.com/Documentation/ES/5.3.0/Tutorials/NewCorrelationSearch
So, if you want to display a human readable time, your search should have a field, say, daytime and you can display it using $daytime$ within the description.