How to convert UTC to Unix time

f26227279 · October 22, 2017, 3:02am

the FIRST_SWITCHED field is Unix, and when I query the range of the time I need to map the time from UTC to Unix.
Could I have the way to convert UTC to Unix directly?
this is my query syntax

GET _search
{
"_source": {
    "includes": [ "FIRST_SWITCHED", "LAST_SWITCHED","IPV4_DST_ADDR","L7_PROTO_NAME","IN_BYTES","IN_PKTS","OUT_BYTES","OUT_PKTS"]
},
"query": {
"bool": {
  "must": [
    {
        "match" : { "_index" : "ntopng-2017.10.22" }
    }
    ,
    {
      "range" : {
        "FIRST_SWITCHED" : {
            "gte" : "1508478285"              //how to convert it to UTC
        }
        }
    }
  ]
}
},
"aggs": {
  "IN_PKTS": {
    "sum": {
      "field": "IN_PKTS"
    }
  },
  "IN_BYTES": {
    "sum": {
      "field": "IN_BYTES"
    }
  },
  "OUT_BYTES": {
    "sum": {
      "field": "OUT_BYTES"
    }
  },
  "OUT_PKTS": {
    "sum": {
      "field": "OUT_PKTS"
    }
  }  
}   
}

thank you in advance

spinscale · October 23, 2017, 8:36am

you need to store the field as a date in the mapping, so you can execute regular date range queries on it, without you having to do any conversion work.

See https://www.elastic.co/guide/en/elasticsearch/reference/5.6/date.html

system · November 20, 2017, 8:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.