Format Timestamp Using formatTime()

Format a timestamp into a specific string pattern using the formatTime() function

Query

flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 1["Expression"] result{{Result Set}} repo --> 1 1 --> result
logscale
| time := formatTime("%Y/%m/%d %H:%M:%S", field=@timestamp, locale=en_US, timezone=Z)

Introduction

The formatTime() function can be used to convert timestamp values into formatted strings using specified patterns. It supports various date and time format patterns, locales, and timezones to create customized datetime representations.

In this example, the formatTime() function is used to format the @timestamp field into a specific pattern with the format YYYY/MM/DD HH:mm:ss using US locale and UTC timezone and assigning the formatted timestamp to a new time field.

Example incoming data might look like this:

@timestampevent_typestatus
2025-08-27T08:51:51.312Zloginsuccess
2025-08-27T09:15:22.445Zlogoutsuccess
2025-08-27T10:30:15.891Zloginfailed
2025-08-27T11:45:33.167Zupdatesuccess
2025-08-27T12:20:44.723Zloginsuccess

Step-by-Step

  1. Starting with the source repository events.

  2. flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 1["Expression"] result{{Result Set}} repo --> 1 1 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;
    logscale
    | time := formatTime("%Y/%m/%d %H:%M:%S", field=@timestamp, locale=en_US, timezone=Z)

    Creates a new field named time containing the formatted timestamp. The function takes the following parameters:

    • Format pattern %Y/%m/%d %H:%M:%S specifies year, month, day with forward slashes and hours, minutes, seconds with colons.

    • field parameter specifies the input timestamp field @timestamp.

    • locale parameter is set to en_US for US-style formatting.

    • timezone parameter is set to Z for UTC timezone.

  3. Event Result set.

Summary and Results

The query is used to transform ISO 8601 timestamps into a more readable format while maintaining UTC timezone.

This query is useful, for example, to standardize timestamp formats for reporting, create human-readable date representations in logs, or prepare data for export to systems requiring specific date formats.

Sample output from the incoming example data:

@timestampevent_typestatustime
2025-08-27T08:51:51.312Zloginsuccess2025/08/27 08:51:51
2025-08-27T09:15:22.445Zlogoutsuccess2025/08/27 09:15:22
2025-08-27T10:30:15.891Zloginfailed2025/08/27 10:30:15
2025-08-27T11:45:33.167Zupdatesuccess2025/08/27 11:45:33
2025-08-27T12:20:44.723Zloginsuccess2025/08/27 12:20:44