To convert the epoch time into a date formatted string, you can put the first two functions together, like this:
* | formatDate(_messagetime, "MM-dd-yyyy HH:mm:ss") as myDate
However, if you first run an aggregate operation such as Min, Max, or Avg on an epoch value, you may also need to convert the result to a "long" value using the toLong function. These aggregate functions return their result as a double, which the formatDate function cannot read, so your query may fail with the following error:
No definition found for function formatDate(Double, String).
To address this, add a conversion inside the formatDate call that converts the returned epoch to a long value:
* | min(_messagetime) as mindate
| formatDate(toLong(mindate), "MM-dd-yyyy HH:mm:ss") as myDate
The formatDate operator also requires a 13-digit epoch timestamp (milliseconds). If your timestamps are 10-digit epoch values (seconds), convert them to 13 digits by multiplying the value by 1000.
Here is a sample query that converts a value to the accepted 13 digits inside the formatDate operation:
* | formatDate(toLong(datetimedisconnect*1000),"MM-dd-yyyy HH:mm:ss") as time
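The two fixes above can be combined when a source mixes 10-digit and 13-digit values and you want the first and last event per user. This query is an added example, not part of the original article; it assumes datetimedisconnect is already extracted as a numeric field, and the user field and the output field names are hypothetical.

```sumologic
// Added example. Assumes datetimedisconnect (numeric epoch) and user
// (hypothetical field) are already extracted from the matching logs.
*
// Values below 100000000000 can only be 10-digit (seconds) epochs,
// so scale those to 13 digits and pass 13-digit values through unchanged.
| if(datetimedisconnect < 100000000000, datetimedisconnect * 1000, datetimedisconnect) as disconnect_ms
// min and max return doubles, which formatDate cannot read directly.
| min(disconnect_ms) as first_ms, max(disconnect_ms) as last_ms by user
// Wrap each aggregate result in toLong before formatting.
| formatDate(toLong(first_ms), "MM-dd-yyyy HH:mm:ss") as first_seen
| formatDate(toLong(last_ms), "MM-dd-yyyy HH:mm:ss") as last_seen
| fields user, first_seen, last_seen
```

Normalizing the unit before aggregating matters here: taking min or max over a mix of seconds and milliseconds values would compare numbers on different scales and return the wrong event.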