Solved: Regarding Timestamps in CSV vs PDF

LiquidTension · ‎06-23-2014

I have some users who schedule a report to come as a CSV attachment. Within that the timestamp will display differently from a PDF export of the same data. Here is an example of the first 4 timestamps of the report as a CSV vs a PDF.

CSV (_time):
1402492281
1402464600
1402474609
1402474608

PDF (_time):
2014-06-11T08:11:21.000-05:00
2014-06-11T03:16:49.000-05:00
2014-06-11T03:16:48.000-05:00
2014-06-11T00:30:00.000-05:00

I get that the timestamp in the CSV is in unix epoch. Is there a document that confirms that an export to PDF automatically converts epoch to a more human readable format?

LiquidTension · ‎07-08-2014

Adding "convert ctime(_time) as timestamp" to the query allowed the csv export to display a friendlier timestamp.

View solution in original post

LiquidTension · ‎07-08-2014

Adding "convert ctime(_time) as timestamp" to the query allowed the csv export to display a friendlier timestamp.

Regarding Timestamps in CSV vs PDF

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation