I’m not a big fan of perl (just a personal preference) and I always look for ways that I can minimize its use.

To normalize the timestamp field most people pipe to this and it works quite well for them

|perl -p -e ‘s/^([0-9]*)/”[“.localtime($1).”]”/e’

I’m a big fan of awk and whenever possible I like to use it exclusively so now instead of piping to the above perl statement we can now use awk like this

| awk ‘{timestamp=strftime(“%D”,$1); $1=””; print timestamp$0}’

I use capital D for the format being an American.Yes I know its not internationally compatible, for available time formats you can look here http://www.gnu.org/software/gawk/manual/html_node/Time-Functions.html