diff --git a/userspace/libsinsp/filterchecks.cpp b/userspace/libsinsp/filterchecks.cpp
index 16f6bcd2e5..f85cfff82d 100644
--- a/userspace/libsinsp/filterchecks.cpp
+++ b/userspace/libsinsp/filterchecks.cpp
@@ -2741,6 +2741,7 @@ const filtercheck_field_info sinsp_filter_check_event_fields[] =
 {PT_UINT64, EPF_NONE, PF_ID, "evt.num", "event number."},
 {PT_CHARBUF, EPF_NONE, PF_NA, "evt.time", "event timestamp as a time string that includes the nanosecond part."},
 {PT_CHARBUF, EPF_NONE, PF_NA, "evt.time.s", "event timestamp as a time string with no nanoseconds."},
+ {PT_CHARBUF, EPF_NONE, PF_NA, "evt.time.iso8601", "event timestamp in ISO 8601 format, including nanoseconds and time zone offset (in UTC)."},
 {PT_CHARBUF, EPF_NONE, PF_NA, "evt.datetime", "event timestamp as a time string that includes the date."},
 {PT_ABSTIME, EPF_NONE, PF_DEC, "evt.rawtime", "absolute event timestamp, i.e. nanoseconds from epoch."},
 {PT_ABSTIME, EPF_NONE, PF_DEC, "evt.rawtime.s", "integer part of the event timestamp (e.g. seconds since epoch)."},
@@ -3281,6 +3282,7 @@ Json::Value sinsp_filter_check_event::extract_as_js(sinsp_evt *evt, OUT uint32_t
 {
 case TYPE_TIME:
 case TYPE_TIME_S:
+ case TYPE_TIME_ISO8601:
 case TYPE_DATETIME:
 case TYPE_RUNTIME_TIME_OUTPUT_FORMAT:
 return (Json::Value::Int64)evt->get_ts();
@@ -3368,6 +3370,9 @@ uint8_t* sinsp_filter_check_event::extract(sinsp_evt *evt, OUT uint32_t* len, bo
 case TYPE_TIME_S:
 sinsp_utils::ts_to_string(evt->get_ts(), &m_strstorage, false, false);
 RETURN_EXTRACT_STRING(m_strstorage);
+ case TYPE_TIME_ISO8601:
+ sinsp_utils::ts_to_iso_8601(evt->get_ts(), &m_strstorage);
+ RETURN_EXTRACT_STRING(m_strstorage);
 case TYPE_DATETIME:
 sinsp_utils::ts_to_string(evt->get_ts(), &m_strstorage, true, true);
 RETURN_EXTRACT_STRING(m_strstorage);
diff --git a/userspace/libsinsp/filterchecks.h b/userspace/libsinsp/filterchecks.h
index 6e108e592e..586ee4f1bd 100644
--- a/userspace/libsinsp/filterchecks.h
+++ b/userspace/libsinsp/filterchecks.h
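Review bot: In `extract_as_js`, `TYPE_TIME_ISO8601` joins the case group that returns `(Json::Value::Int64)evt->get_ts()`, so JSON output of `evt.time.iso8601` is the raw nanosecond integer rather than the ISO 8601 string the new field description promises. That matches the neighbouring time fields, but it should be documented, for example with a comment above the case group: `// JSON output carries the raw nanosecond timestamp for every time-string field, including evt.time.iso8601`. A log pipeline that ingests the JSON form would otherwise expect a formatted string here. The function body starts and ends outside the hunk.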
@@ -377,69 +377,70 @@ class sinsp_filter_check_event : public sinsp_filter_check
 TYPE_NUMBER = 0,
 TYPE_TIME = 1,
 TYPE_TIME_S = 2,
- TYPE_DATETIME = 3,
- TYPE_RAWTS = 4,
- TYPE_RAWTS_S = 5,
- TYPE_RAWTS_NS = 6,
- TYPE_RELTS = 7,
- TYPE_RELTS_S = 8,
- TYPE_RELTS_NS = 9,
- TYPE_LATENCY = 10,
- TYPE_LATENCY_S = 11,
- TYPE_LATENCY_NS = 12,
- TYPE_LATENCY_QUANTIZED = 13,
- TYPE_LATENCY_HUMAN = 14,
- TYPE_DELTA = 15,
- TYPE_DELTA_S = 16,
- TYPE_DELTA_NS = 17,
- TYPE_RUNTIME_TIME_OUTPUT_FORMAT = 18,
- TYPE_DIR = 19,
- TYPE_TYPE = 20,
- TYPE_TYPE_IS = 21,
- TYPE_SYSCALL_TYPE = 22,
- TYPE_CATEGORY = 23,
- TYPE_CPU = 24,
- TYPE_ARGS = 25,
- TYPE_ARGSTR = 26,
- TYPE_ARGRAW = 27,
- TYPE_INFO = 28,
- TYPE_BUFFER = 29,
- TYPE_BUFLEN = 30,
- TYPE_RESSTR = 31,
- TYPE_RESRAW = 32,
- TYPE_FAILED = 33,
- TYPE_ISIO = 34,
- TYPE_ISIO_READ = 35,
- TYPE_ISIO_WRITE = 36,
- TYPE_IODIR = 37,
- TYPE_ISWAIT = 38,
- TYPE_WAIT_LATENCY = 39,
- TYPE_ISSYSLOG = 40,
- TYPE_COUNT = 41,
- TYPE_COUNT_ERROR = 42,
- TYPE_COUNT_ERROR_FILE = 43,
- TYPE_COUNT_ERROR_NET = 44,
- TYPE_COUNT_ERROR_MEMORY = 45,
- TYPE_COUNT_ERROR_OTHER = 46,
- TYPE_COUNT_EXIT = 47,
- TYPE_COUNT_PROCINFO = 48,
- TYPE_COUNT_THREADINFO = 49,
- TYPE_AROUND = 50,
- TYPE_ABSPATH = 51,
- TYPE_BUFLEN_IN = 52,
- TYPE_BUFLEN_OUT = 53,
- TYPE_BUFLEN_FILE = 54,
- TYPE_BUFLEN_FILE_IN = 55,
- TYPE_BUFLEN_FILE_OUT = 56,
- TYPE_BUFLEN_NET = 57,
- TYPE_BUFLEN_NET_IN = 58,
- TYPE_BUFLEN_NET_OUT = 59,
- TYPE_ISOPEN_READ = 60,
- TYPE_ISOPEN_WRITE = 61,
- TYPE_INFRA_DOCKER_NAME = 62,
- TYPE_INFRA_DOCKER_CONTAINER_ID = 63,
- TYPE_INFRA_DOCKER_CONTAINER_NAME = 64,
- TYPE_INFRA_DOCKER_CONTAINER_IMAGE = 65
+ TYPE_TIME_ISO8601 = 3,
+ TYPE_DATETIME = 4,
+ TYPE_RAWTS = 5,
+ TYPE_RAWTS_S = 6,
+ TYPE_RAWTS_NS = 7,
+ TYPE_RELTS = 8,
+ TYPE_RELTS_S = 9,
+ TYPE_RELTS_NS = 10,
+ TYPE_LATENCY = 11,
+ TYPE_LATENCY_S = 12,
+ TYPE_LATENCY_NS = 13,
+ TYPE_LATENCY_QUANTIZED = 14,
+ TYPE_LATENCY_HUMAN = 15,
+ TYPE_DELTA = 16,
+ TYPE_DELTA_S = 17,
+ TYPE_DELTA_NS = 18,
+ TYPE_RUNTIME_TIME_OUTPUT_FORMAT = 19,
+ TYPE_DIR = 20,
+ TYPE_TYPE = 21,
+ TYPE_TYPE_IS = 22,
+ TYPE_SYSCALL_TYPE = 23,
+ TYPE_CATEGORY = 24,
+ TYPE_CPU = 25,
+ TYPE_ARGS = 26,
+ TYPE_ARGSTR = 27,
+ TYPE_ARGRAW = 28,
+ TYPE_INFO = 29,
+ TYPE_BUFFER = 30,
+ TYPE_BUFLEN = 31,
+ TYPE_RESSTR = 32,
+ TYPE_RESRAW = 33,
+ TYPE_FAILED = 34,
+ TYPE_ISIO = 35,
+ TYPE_ISIO_READ = 36,
+ TYPE_ISIO_WRITE = 37,
+ TYPE_IODIR = 38,
+ TYPE_ISWAIT = 39,
+ TYPE_WAIT_LATENCY = 40,
+ TYPE_ISSYSLOG = 41,
+ TYPE_COUNT = 42,
+ TYPE_COUNT_ERROR = 43,
+ TYPE_COUNT_ERROR_FILE = 44,
+ TYPE_COUNT_ERROR_NET = 45,
+ TYPE_COUNT_ERROR_MEMORY = 46,
+ TYPE_COUNT_ERROR_OTHER = 47,
+ TYPE_COUNT_EXIT = 48,
+ TYPE_COUNT_PROCINFO = 49,
+ TYPE_COUNT_THREADINFO = 50,
+ TYPE_AROUND = 51,
+ TYPE_ABSPATH = 52,
+ TYPE_BUFLEN_IN = 53,
+ TYPE_BUFLEN_OUT = 54,
+ TYPE_BUFLEN_FILE = 55,
+ TYPE_BUFLEN_FILE_IN = 56,
+ TYPE_BUFLEN_FILE_OUT = 57,
+ TYPE_BUFLEN_NET = 58,
+ TYPE_BUFLEN_NET_IN = 59,
+ TYPE_BUFLEN_NET_OUT = 60,
+ TYPE_ISOPEN_READ = 61,
+ TYPE_ISOPEN_WRITE = 62,
+ TYPE_INFRA_DOCKER_NAME = 63,
+ TYPE_INFRA_DOCKER_CONTAINER_ID = 64,
+ TYPE_INFRA_DOCKER_CONTAINER_NAME = 65,
+ TYPE_INFRA_DOCKER_CONTAINER_IMAGE = 66,
 };
 sinsp_filter_check_event();
diff --git a/userspace/libsinsp/utils.cpp b/userspace/libsinsp/utils.cpp
index 09a37b33fe..943c9c7c37 100644
--- a/userspace/libsinsp/utils.cpp
+++ b/userspace/libsinsp/utils.cpp
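Review bot: `TYPE_TIME_ISO8601 = 3` is inserted in the middle of a hand-numbered enum, which renumbers every later enumerator, from `TYPE_DATETIME` (3 to 4) through `TYPE_INFRA_DOCKER_CONTAINER_IMAGE` (65 to 66). The values appear to double as row indexes into `sinsp_filter_check_event_fields`, and the new table row was added at the matching position, but nothing visible in the diff enforces that pairing. Appending the new enumerator and its table row at the end would keep existing ids stable for anything that stored or compared them numerically. If the ordering is kept, a comment on the enum such as `// values index sinsp_filter_check_event_fields; keep both in the same order` would record the invariant. The enum and its class start and end outside the hunk.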
@@ -946,6 +946,34 @@ void sinsp_utils::ts_to_string(uint64_t ts, OUT string* res, bool date, bool ns)
 *res = buf;
 }
+void sinsp_utils::ts_to_iso_8601(uint64_t ts, OUT string* res)
+{
+ static const char *fmt = "YYYY-MM-DDTHH:MM:SS-0000";
+ char buf[sizeof(fmt)];
+ uint64_t ns = ts % ONE_SECOND_IN_NS;
+ time_t sec = ts / ONE_SECOND_IN_NS;
+
+ if(strftime(buf, sizeof(buf), "%FT%T", gmtime(&sec)) == 0)
+ {
+ *res = fmt;
+ return;
+ }
+
+ *res = buf;
+ if(sprintf(buf, ".%09u", (unsigned) ns) < 0)
+ {
+ *res = fmt;
+ return;
+ }
+ *res += buf;
+ if(strftime(buf, sizeof(buf), "%z", gmtime(&sec)) == 0)
+ {
+ *res = fmt;
+ return;
+ }
+ *res += buf;
+}
+
 ///////////////////////////////////////////////////////////////////////////////
 // Time utility functions.
 ///////////////////////////////////////////////////////////////////////////////
diff --git a/userspace/libsinsp/utils.h b/userspace/libsinsp/utils.h
index 614ebdda7a..930a81d3c5 100644
--- a/userspace/libsinsp/utils.h
+++ b/userspace/libsinsp/utils.h
@@ -129,6 +129,8 @@ class sinsp_utils
 static void ts_to_string(uint64_t ts, OUT std::string* res, bool date, bool ns);
+ static void ts_to_iso_8601(uint64_t ts, OUT std::string* res);
+
 // Limited version of iso 8601 time string parsing, that assumes a
 // timezone of Z for UTC, but does support parsing fractional seconds,
 // unlike get_epoch_utc_seconds_* below.
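Review bot: `char buf[sizeof(fmt)]` in `ts_to_iso_8601` takes the size of a `const char *`, so `buf` is pointer-sized (typically 8 bytes) rather than the 25 bytes of the template string. The first `strftime` needs 20 bytes for `%FT%T`, so it would return 0 and every event would get the `YYYY-MM-DDTHH:MM:SS-0000` placeholder; the unbounded `sprintf` of `.%09u` writes 11 bytes and would overrun the stack buffer if that branch were ever reached. `gmtime()` is also passed straight to `strftime` without a NULL check. Declaring `fmt` as an array, giving the fraction its own bounded buffer and checking the `gmtime` result once addresses all three, as sketched below; `gmtime_r` would additionally avoid the shared static `struct tm` where the platform provides it.

```cpp
void sinsp_utils::ts_to_iso_8601(uint64_t ts, OUT string* res)
{
	static const char fmt[] = "YYYY-MM-DDTHH:MM:SS-0000";
	char buf[sizeof(fmt)];
	char frac[sizeof(".000000000")];
	// … unchanged: ns and sec computation …
	const struct tm *utc = gmtime(&sec);

	if(utc == NULL || strftime(buf, sizeof(buf), "%FT%T", utc) == 0)
	// … unchanged: fall back to fmt and return, then *res = buf …
	snprintf(frac, sizeof(frac), ".%09u", (unsigned) ns);
	*res += frac;
	if(strftime(buf, sizeof(buf), "%z", utc) == 0)
	// … unchanged: fall back to fmt and return, then *res += buf …
```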