This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 74%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hello,
Is there an Azure Sentinel KQL that will allow me to take EPOCH time and display it as a normal DateTime such as 11/20/2020, 11:24:31.227 AM in a column as standard?
@Sean
Thank you for your post! When it comes to a KQL query that will allow you to convert EPOCH time to normal format, I found some links that might help with your issue.
How to use Azure Monitor Workbooks to map Sentinel data
Example: Unix time
I'd also recommend reaching out to our Azure Sentinel experts via their GitHub or Tech Community forum.
Azure Sentinel Tech Community
https://github.com/Azure/Azure-Sentinel
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
I managed to figure it out, here is the KQL that I used in the end (had to convert to long):
CommonSecurityLog
| extend SourceTime = unixtime_milliseconds_todatetime(tolong(ReceiptTime))
@Sean
Thank you for the follow up! I'm glad that you were able to resolve this issue and share your solution so others in the community facing similar issues can easily find the answer.
Thank you for your time and patience throughout this issue.