Skip to main content

Format Timestamp action

Available for event, alert, and incident workflows

This action formats an epoch timestamp as a human-readable date and time. An epoch timestamp logs the number of seconds elapsed since January 1st, 1970. For information on converting dates and times to epoch format, see this external resource.

This action takes the following inputs:

  • Input Field

    The epoch timestamp object field to format.

  • Date/Time Format

    The new format for the timestamp, as defined by a string pattern. The default pattern is: yyyy/MM/dd h:mm:ss a

    For example, using the default pattern, an epoch timestamp of 1678220899 will be converted to the following format: 2023/03/07 8:28:19 PM

    To define a new pattern, see the following section on Defining patterns for formatting.

  • Timezone

    The timezone for the formatted timestamp.

  • Output Field

    The field where you would like to place the formatted timestamp. Reusing the input field here is allowed.

Defining patterns for formatting

Patterns for defining a date/time format are based on simple sequences of letters and symbols. All letters 'A' to 'Z' and 'a' to 'z' are reserved as pattern letters. The following pattern letters are defined:

Symbol

Date or time meaning

Examples of output

G

Era

  • G, or GG, or GGG: AD

  • GGGG: Anno Domini

  • GGGGG: A

u

Year

  • u: 2023

  • uu: 23

y

Year of era

  • y: 2023

  • yy: 23

D

Day of year

  • D: 165

M

Month of year

  • M: 6

  • MM: 06

  • MMM: Jun

  • MMMM: June

  • MMMMM: J

d

Day of month

  • d: 14

g

Modified Julian day

  • g: 60109

Q

Quarter of year

  • Q: 2

  • QQ: 02

  • QQQ: Q2

  • QQQQ: 2nd quarter

Y

Week-based year

  • Y: 2023

  • YY: 23

w

Week of week-based year

  • w: 24

W

Week of month

  • W: 3

E

Day of week

  • E, or EE, or EEE: Wed

  • EEEE: Wednesday 

  • EEEEE: W

e

Localized day of week

  • e: 4

  • ee: 04

  • eee: Thu

  • eeee: Thursday

  • eeeee: T

F

Day of week in month

  • F: 7

a

AM/PM of day

  • a: AM

h

Clock hour of AM/PM (1-12)

  • h: 12

K

Hour of AM/PM (0-11)

  • K: 0

k

Clock hour of day (1-24)

  • k: 24

H

Hour of day (0-23)

  • H: 0

m

Minute of hour

  • m: 4

s

Second of minute

  • s: 43

S

Fraction of second

  • S: 0

A

Millisecond of day

  • A: 283000

n

Nanosecond of second

  • n: 0

N

Nanosecond of day

  • N: 283000000000

v

Generic time-zone name

  • v: GMT-06:00

  • vvvv: GMT-06:00

z

Time zone name

  • z: GMT-06:00

  • zzz: GMT-06:00

O

Localized zone offset

  • O: GMT-6

X

Zone offset (prints 'Z' for the zone offset 'Zero')

  • X: -06

x

Zone offset (prints '+00' for the zone offset 'Zero')

  • x: -06

  • xx: -0600

  • xxx: -06:00

Z

Zone offset

  • Z, or ZZ, or ZZZ: -0600

  • ZZZZ: GMT-06:00

  • ZZZZZ: -06:00

p

Pad next (pads the output of the pattern after it with spaces)

'

Escape for text

  • 'Month of': Month of

  • 'Month of' MMMM: Month of June

''

Single quote

'

[

Optional section start

]

Optional section end

Note that the format of the output is decided by the number of letters used in the pattern.

Example: MMMM formats the month in year as December, while MMM outputs the month in year as Dec.

Additionally, all non-letter characters other than '[', ']', '{', '}', '#' and the single quotation mark display in the output literally.

Event example

Format Timestamp works the same way for both events and incidents.

In this example, suppose that new events are generated with an epoch timestamp stored in a tag called tags.time. You want to adjust this timestamp for all new events to display the time in this format instead:

01 January 2023

You can accomplish this by creating an event workflow with a Format Timestamp action. After setting up the trigger, you can configure the Format Timestamp action as follows:

  • Input Field: tags.time

  • Date/Time Format: dd MMMM yyyy

  • Timezone: (GMT-08:00) Pacific Time (US and Canada) - America/Los_Angeles

  • Output Field: tags.time

Here is an example event that was processed by this workflow:

Event fields before

Event fields after

{
    "description": "CPU spike to 70%",
    "severity": 4,
    "source": "ussf-sw99",
    "check": "cpu",
    "service": [
        "retail",
        "support"
    ],
    "tags": {
        "serverID": "1022",
        "time": 1672611819
    }
}

{
    "description": "CPU spike to 70%",
    "severity": 4,
    "source": "ussf-sw99",
    "check": "cpu",
    "service": [
        "retail",
        "support"
    ],
    "timestamp": 1672611819,
    "tags": {
        "serverID": "1022",
        "time": "01 January 2023"
    }
}
 

Alert example

In this example, new events are generated with an epoch timestamp stored in a tag called tags.time. You want to adjust this timestamp for all new events to display the time in this format instead:

01/01/2022 00:00:00

  • Input Field: tags.time

  • Date/Time Format: MM/dd/yyyy HH:mm:ss

  • Timezone: (GMT+00:00) UTC - UTC

  • Output Field: tags.time

Here's an example alert that was processed by this workflow:

Alert fields before

Alert fields after

{
 ...
     "tags": {
        "integration_type": [
           "eventapi"
           ],
        "time": 1682977511
    }
 ...
}

{
 ...
     "tags": {
        "integration_type": [
           "eventapi"
           ],
         "time": "05/01/2023 21:45:11"
    }
 ...
}
 

Incident example

In this example, suppose that for all new incidents, you want to convert the epoch timestamp value in the created_at field into the following format and store it in a tag called tags.creation_time:

01-Jan-2022 00:00:00

You can accomplish this by creating an incident workflow with a Format Timestamp action. After setting up the trigger, configure the Format Timestamp action as follows:

  • Input Field: created_at

  • Date/Time Format: dd-M-yyyy hh:mm:ss

  • Timezone: (GMT+00:00) UTC - UTC

  • Output Field: tags.creation_time

Here is an example incident that was processed by this workflow:

Incident fields before

Incident fields after

{
    "status": "open",
    "severity": "major",
    "description": "CPU above 70%",
    "classes": [
      "Compute"
    ],
    "services": [
      "support",
      "retail"
    ],
    "tags": {
    },
    "severity_high_water": "major",
    "first_event_time": 1682977509,
    "last_event_time": 1682977509,
    "incident_id": 3,
    "created_at": 1682977511,
    "last_state_change": 1682977511,
    "correlation_definition": "65232808-474f-4118-8234-c401865442e6",
    "alerts": [
      3
    ],
    "in_maintenance": false,
    "total_alerts": 1,
    "manual_description_set": true,
    "resolving_steps": 0,
    "status_numeric": 1,
    "severity_numeric": 4
}

{
    "status": "open",
    "severity": "major",
    "description": "CPU above 70%",
    "classes": [
      "Compute"
    ],
    "services": [
      "support",
      "retail"
    ],
    "tags": {
      "creation_time": [
        "01-May-2023 21:45:11"
      ]
    },
    "severity_high_water": "major",
    "first_event_time": 1682977509,
    "last_event_time": 1682977509,
    "incident_id": 3,
    "created_at": 1682977511,
    "last_state_change": 1682977511,
    "correlation_definition": "65232808-474f-4118-8234-c401865442e6",
    "alerts": [
      3
    ],
    "in_maintenance": false,
    "total_alerts": 1,
    "manual_description_set": true,
    "resolving_steps": 0,
    "status_numeric": 1,
    "severity_numeric": 4
}
 
In this section: