I have the following Splunk query, which is trying to format the epoch-captured start and end times into a human-readable format, but it seems like Splunk is pulling an incorrect value here...
index=wd_test source=*-1.0.0.log | fieldformat c_start=strftime(start,"%m/%d/%Y %H:%M:%S") | convert timeformat="%m/%d/%Y %H:%M:%S" ctime(end) as c_end | eval duration=(end-start)/1000|table start, c_start, end, c_end , duration, sla
I am getting the following result from executing the above query:
   start          c_start              end            c_end                duration  sla
1  1430167363808  12/31/9999 23:59:59  1430167364085  12/31/9999 23:59:59  0.277000  2
2  1430167236667  12/31/9999 23:59:59  1430167236856  12/31/9999 23:59:59  0.189000  2
Can someone help me resolve this issue? I tried 2 different approaches here, but neither of them is working.
Using the following online epoch formatter tool I am able to convert successfully, but not using Splunk...
http://www.freeformatter.com/epoch-timestamp-to-date-converter.html
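An added example, not part of the original post: `strftime` and `ctime` take epoch seconds, while the values in the post have 13 digits, i.e. milliseconds (the query's own division by 1000 for `duration` implies the same). The search below uses the first result row from the post as inline sample data; the field names `start_s` and `end_s` and the digit-count guard for mixed units are assumptions introduced here.

```spl
| makeresults count=1
| eval start=1430167363808, end=1430167364085
| eval start_s=if(start>99999999999, start/1000, start)
| eval end_s=if(end>99999999999, end/1000, end)
| eval c_start=strftime(start_s, "%m/%d/%Y %H:%M:%S.%3N")
| eval c_end=strftime(end_s, "%m/%d/%Y %H:%M:%S.%3N")
| eval duration=end_s-start_s
| table start, c_start, end, c_end, duration
```

The rendered time follows the Splunk user's time zone setting; in UTC the first row's start is 04/27/2015 20:42:43.808. Keeping the fractional seconds with `%3N` matters when correlating events that are only milliseconds apart, as the two rows in the post are.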