Deployment Architecture
Highlighted

Given a bucket name of db_1274129994_1273525194_0 what is the span of the events within this bucket?

Champion

I have the following bucket: $SPLUNK_HOME/var/lib/splunk/defaultdb/db/db_1274129994_1273525194_0

Is there someway to calculate the date span of the events in this bucket?

Tags (1)
Highlighted

Re: Given a bucket name of db_1274129994_1273525194_0 what is the span of the events within this bucket?

Champion

You can use a site like http://www.epochconverter.com/ to convert epochtimes to "human readable" format.

There are 3 parts to the bucket name:

db_latesttime_earliesttime_idnum

For a bucket named db_1274129994_1273525194_0 you can plug-in the latesttime and earliesttime values to figure out the date/time range of the events within that bucket.

The events in this bucket fall between Mon, 10 May 2010 20:59:54 GMT and Mon, 17 May 2010 20:59:54 GMT.

View solution in original post

Highlighted

Re: Given a bucket name of db_1274129994_1273525194_0 what is the span of the events within this bucket?

Path Finder

Rather than taking the time to navigate to a site, this command line perl snippet will translate epoch time to your local time zone: "perl -e 'print scalar localtime '".

0 Karma