Hi everyone.

I'm trying to link my dashboard to a separate platform and the url of this new platform needs to contain a timestamp in epoch time. I have a table such that each row represents a cycle and I have a column that redirects the user to a separate platform passing into the url the epoch time of that row's timestamp.

The issue is that, for some reason, Splunk seems to be converting the timestamp to epoch + my timezone.

So, for example, on the screenshot below, you can see the timestamp of a certain row in UTC as 16:33:27.967

and, to debug, I built a new column such that whenever I click on it, it redirects me to an url that's simply the timestamp converted to epoch time. The code is of the form:

<table> 
  <search>
    <query>
      ...
    </query>
  </search>
  <drilldown>
    <condition field="Separate Platform">
      <eval token="epochFromCycle">case($row.StartTime$=="unkown", null(), 1==1, strptime($row.StartTime$, "%Y-%m-%dT%H:%M:%S.%Q"))</eval>
      <link target="_blank">
        <![CDATA[ 
          $epochFromCycle$ 
        ]]>
      </link>
    </condition>
  </drilldown>
</table>

But, when clicking on this "Separate Platform" column for the timestamp shown on the screenshot, I get the epoch time 1752521607. When looking into "epochconverter.com":

As stated on the screenshot, I'm at GMT-03. But the issue happens exactly the same way for a coworker who's located at GMT-04: for the same splunk timestamp, he clicks on the column to generate the link, and the epoch time that splunk returns is in fact 4 hours ahead (in this case, it returns the epoch equivalent of 8:33:27 PM).

What am I missing?

Thanks in advance, 
Pedro