Solved: Epoch time returning wrong date far in the future

jravida · ‎01-27-2015

Hi folks,

Instead of using the _time to convert the Epoch time into something more readable. I want to use deviceCustomDate1, as it is a device detect time which is more useful. Problem is, all my timestamps ruturn 31 DEC 9999 as the date. I think this is due to the deviceCustomDate1 field being 13 digits instead of the usual 10, since the miliseconds are tracked. How can I get these 13-digit timestamps to eval using the strftime function?

martin_mueller · ‎01-27-2015

Divide the timestamp by 1000 before strftime()'ing it.

View solution in original post

martin_mueller · ‎01-27-2015

Divide the timestamp by 1000 before strftime()'ing it.

rrovers · ‎09-23-2021

But dividing it by 1000 makes it less accurate. Isn't there a way to convert it but also keep the miliseconds.

I found a post that in splunk it's only possible to convert 10 digits timestamp. But that post is from 2015. Hope splunk has more possibilities now

jravida · ‎01-27-2015

Elegant! I was overthinking it lol. I was thinking a props.conf edit!

Epoch time returning wrong date far in the future

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!