Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Epoch time returning wrong date far in the future

jravida
Communicator
‎01-27-2015 01:39 PM

Hi folks,

Instead of using the _time to convert the Epoch time into something more readable. I want to use deviceCustomDate1, as it is a device detect time which is more useful. Problem is, all my timestamps ruturn 31 DEC 9999 as the date. I think this is due to the deviceCustomDate1 field being 13 digits instead of the usual 10, since the miliseconds are tracked. How can I get these 13-digit timestamps to eval using the strftime function?

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎01-27-2015 01:45 PM

Divide the timestamp by 1000 before strftime()'ing it.

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎01-27-2015 01:45 PM

Divide the timestamp by 1000 before strftime()'ing it.

Reply
Solved! Jump to solution

rrovers
Contributor
‎09-23-2021 05:06 AM

But dividing it by 1000 makes it less accurate. Isn't there a way to convert it but also keep the miliseconds. 

I found a post that in splunk it's only possible to convert 10 digits timestamp. But that post is from 2015. Hope splunk has more possibilities now

0 Karma
Reply
Solved! Jump to solution

jravida
Communicator
‎01-27-2015 02:46 PM

Elegant! I was overthinking it lol. I was thinking a props.conf edit!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...