CrowdStrike Certified Falcon Hunter (CCFH) — Question 23
SPL (Splunk) eval statements can be used to convert Unix (epoch) times into human-readable UTC time. Which eval function is correct?
Answer options
- A. now
- B. typeof
- C. strftime
- D. relative_time
Correct answer: C
Explanation
The correct function is strftime, as it converts Unix time into a string formatted as UTC time. The 'now' function retrieves the current time, 'typeof' identifies the data type of a value, and 'relative_time' is used for calculating times relative to a specified time, not for formatting Unix timestamps.