Solved: Regarding Timestamps in CSV vs PDF

LiquidTension · ‎06-23-2014

I have some users who schedule a report to come as a CSV attachment. Within that the timestamp will display differently from a PDF export of the same data. Here is an example of the first 4 timestamps of the report as a CSV vs a PDF.

CSV (_time):
1402492281
1402464600
1402474609
1402474608

PDF (_time):
2014-06-11T08:11:21.000-05:00
2014-06-11T03:16:49.000-05:00
2014-06-11T03:16:48.000-05:00
2014-06-11T00:30:00.000-05:00

I get that the timestamp in the CSV is in unix epoch. Is there a document that confirms that an export to PDF automatically converts epoch to a more human readable format?

LiquidTension · ‎07-08-2014

Adding "convert ctime(_time) as timestamp" to the query allowed the csv export to display a friendlier timestamp.

View solution in original post

LiquidTension · ‎07-08-2014

Adding "convert ctime(_time) as timestamp" to the query allowed the csv export to display a friendlier timestamp.

Regarding Timestamps in CSV vs PDF

Blueprints for High-Maturity Operations: Splunk Lantern Articles on SOAR, ES 8.4, ...

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search

Join the Conversation

Regarding Timestamps in CSV vs PDF

Blueprints for High-Maturity Operations: Splunk Lantern Articles on SOAR, ES 8.4, ...

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search