Solved: Re: Why is the Hunk timestamp column displaying he...

samardutta · ‎03-15-2017

Trying to query custom log in s3 in json parquet format through Hunk. But for some reason hunk is not displaying timestamp field "starttime" correctly.

{"ap_mac_address":"FF-FF-FF-FF-FF-FF","base_user_name":"00:25:4B:98:6C:BF","starttime":"��\t��\u0011\u0000\u0000�%\u0000","uniquehash":"6393fb43ffb35fa93b051f0b3ab8b3f4"...}

When I query the same file with other tools like hive/impala it display correct timestamp.

Are there any setting to display the timestamp correctly?

thanks.

kpawar_splunk · ‎04-06-2017

INT96 type is deprecated by parquet.
Official link here : https://issues.apache.org/jira/browse/PARQUET-323
Hunk currently does not support int96 type.
You can follow recommendation in the link (https://issues.apache.org/jira/browse/PARQUET-323) to replace int96 with some other type.

View solution in original post

kpawar_splunk · ‎04-06-2017

INT96 type is deprecated by parquet.
Official link here : https://issues.apache.org/jira/browse/PARQUET-323
Hunk currently does not support int96 type.
You can follow recommendation in the link (https://issues.apache.org/jira/browse/PARQUET-323) to replace int96 with some other type.

kpawar_splunk · ‎04-06-2017

What is the type of timestamp field(starttime). Is it int96, int64 or some other type.

samardutta · ‎04-06-2017

It is INT96 type

Why is the Hunk timestamp column displaying hex character?

Application management with Targeted Application Install for Victoria Experience

Index This | What goes up and never comes down?

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

Join the Conversation

Why is the Hunk timestamp column displaying hex character?

Application management with Targeted Application Install for Victoria Experience

Index This | What goes up and never comes down?

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination