Sometimes we get a time in a string field and we want to perform time operations on it or compare it to another timestamp value. It's incredibly tough to do that in a string field, but the timestamp.as_unix_seconds function makes this much easier!

This function expects the string format of the date to be in the form year-month-day hour:minute:second. Once the string is in that format, our function can convert this string to an epoch time value that can then be used with other functions. To assist us in getting the string into a proper format, there are other functions that can be nested to accomplish this including strings.concat and strings.substr.

Follow along in this video to see how we can applytimestamp.as_unix_seconds to our searches and rules. 

timestamp.as_unix_seconds converts a date value in a string to a timestamp that can then be used in time operations and is simple to use. Just supply the field or variable the value resides in but make sure that it is in proper format (YYYY-MM-DD HH:MM:SS). Functions like strings.concat and strings.substr can help getting this format in place before conversion.

Check out these additional resources with more information and learning opportunities:

• New to Google SecOps blog series
• Google SecOps Learning Path on Google Cloud Skills Boost
• Google SecOps documentation
• Google Cloud Security Community Events