I have the following Splunk query, which is trying to format the epoch start and end times into a human-readable format, but it seems like Splunk is pulling an incorrect value here...
index=wd_test source=*-1.0.0.log | fieldformat c_start=strftime(start,"%m/%d/%Y %H:%M:%S") | convert timeformat="%m/%d/%Y %H:%M:%S" ctime(end) as c_end | eval duration=(end-start)/1000|table start, c_start, end, c_end , duration, sla
I am getting the following result from executing the above query:
#  start          c_start              end            c_end                duration  sla
1  1430167363808  12/31/9999 23:59:59  1430167364085  12/31/9999 23:59:59  0.277000  2
2  1430167236667  12/31/9999 23:59:59  1430167236856  12/31/9999 23:59:59  0.189000  2
Can someone help me resolve this issue? I tried 2 different approaches here, but neither of them is working.
Using the following online epoch formatter tool I am able to convert successfully, but not using Splunk....
http://www.freeformatter.com/epoch-timestamp-to-date-converter.html
I do not blame the search. It has something to do with the epoch time: 1430167363808 and 1430167236667 (13 digits). Are milliseconds the culprit?
I just converted 2015-05-08 22:21:09 to epoch and the value is 1431138069 (10 digits). Something is not right with the digits 🙂
Thanks,
Raghav
I have a 13-digit epoch time and I can convert it with:
eval start_time=strftime((start/1000), "%m-%d-%Y %H:%M:%S.%3N"), end_time=strftime((end/1000), "%m-%d-%Y %H:%M:%S.%3N")
I tried to read online; someone already posted a similar question, but there isn't any solution posted on that question either..... None of the answers from this post is working for me.
This online converter is able to convert it successfully, without any issues here.
Try using the provided epoch time, 1430167363808 or 1430167236667; it is able to convert it successfully.
http://www.freeformatter.com/epoch-timestamp-to-date-converter.html
Yes, 13 digits is not supported by Splunk; only 10-digit epoch is supported by the Splunk API. I wasn't able to work with 13 digits, and when I changed from 13 digits to 10 digits it worked out well for me.
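The seconds-versus-milliseconds mix-up discussed in this thread, as an added example that is not part of the original posts: a Python normalizer that infers the epoch unit from the digit count before formatting, run on the values from the question's result table. It generalizes beyond the thread to microsecond and nanosecond inputs; the digit-count heuristic and all function names are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Heuristic (assumption): infer the unit from the digit count of a present-day
# timestamp. 10 digits = seconds, 13 = milliseconds, 16 = micro, 19 = nano.
UNITS = ((10, 1), (13, 1_000), (16, 1_000_000), (19, 1_000_000_000))


def units_per_second(raw: int) -> int:
    """Return how many units of `raw` make one second."""
    digits = len(str(abs(raw)))
    for max_digits, per_second in UNITS:
        if digits <= max_digits:
            return per_second
    raise ValueError(f"{raw} has too many digits to be an epoch timestamp")


def to_datetime(raw: int) -> datetime:
    """Convert an epoch value of any supported unit to an aware UTC datetime."""
    micros = raw * 1_000_000 // units_per_second(raw)  # integer math, no float loss
    return EPOCH + timedelta(microseconds=micros)


def render(raw: int) -> str:
    """Format like the thread's strftime pattern, with millisecond precision."""
    return to_datetime(raw).strftime("%m/%d/%Y %H:%M:%S.%f")[:-3]


def duration_seconds(start: int, end: int) -> float:
    """Elapsed seconds between two epoch values, whatever their units."""
    return (to_datetime(end) - to_datetime(start)).total_seconds()


if __name__ == "__main__":
    # Values from the question's result table (milliseconds), plus the same
    # instant in seconds to show both inputs render to the same time.
    for value in (1430167363808, 1430167364085, 1430167363):
        print(value, "->", render(value), "UTC")
    print("duration:", duration_seconds(1430167363808, 1430167364085))
```

Times are rendered in UTC, so they can differ from a converter or Splunk instance that displays local time.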