Solution. Splunk stores times in UTC and then renders them in the user's selected zone. This timestamp, which is the time when the event occurred, is saved in UNIX time. 04-26-2016 12:07 PM. When reporting, it will then display and normalize times to the time zone of the Splunk server. Use timeformat option to specify exact format to convert from. The way they are listed in the file is as such: #1234567890 <command>. 2. Any help is appreciated. Hi Folks, I am been trying to display latest time results. Try this query. you can use an eval with strptime to convert your timestamps into epoch time for comparisons and then strftime to convert them back into readable strings. It's almost time for Splunk’s user conference . However, in this case the format is not valid: $ date -d"08 18 2016 09:18:25" "+%s" date: invalid date ‘08 18 2016 09:18:25’. The time returned by the now () function is represented in UNIX time, or in seconds since Epoch time. The epoch time is reflecting in the events,I am extracting using regex in the search and after that trying to convert the epoch time and use it in the search. strptime() will convert strings to epoch times| eval _time=strptime(time,"%a, %d %b %Y %H:%M:%S %Z")Splunk Search: Convert Millseconds to Epoch Time; Options. If fields are already in epoch, you can just calculate the difference without converting them. You could just create one event instead of three, or in the example, just return the first event:| head 1 If you're working with ISO time strings but unknown times in an unknown order, you can sort lexicographically:| sort time_1 | head 1 If the time format is known but not necessarily in ISO format. The strptime function doesn't work with timestamps that consist of only a month and year. Hi I am setting a time token "WFDate_tok_display1" which has timestamp value from the user click. | eval _time=strptime (date_field, "format_string") which will overwrite the. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. I have a time in the format of: Dec 23, 2015 11:45:26 BRST I'm trying to convert this to epoch time and later to a simple date format COVID-19 Response SplunkBase Developers Documentation BrowseI want to get the result of large epoch time to hours minutes and seconds. The current version %s supports Epoch with 10 digits only. Hi, I wonder whether someone could help me please. However, in using this query the output reflects a time format that is in EPOC format. An epoch is a numeric value representing. COVID-19 Response SplunkBase Developers Documentation. 1) The question doesn't actually provide a. 08-28-2014 12:53 AM. This function takes a time represented by a string and parses the time into a UNIX timestamp format. This is reported here as well, the problem revolves around the isnum check:. Splunk, Splunk>, Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or. conf to convert it to human readable. Convert Date to Day of Week. Any operation done with value of _time is already in epoch. Go to to suggest one or to up-vote someone else's idea. %T The time in 24-hour notation (%H:%M:%S). I would like the reported values of those fields to be human readable instead. I've seen a lot of questions asking to get just the date from date/time stamp and convert to epoch. It uses the timezone of the logged in user instead of the server local time. Monitoring Splunk; Using Splunk; Splunk Search; Reporting; Alerting; Dashboards & Visualizations; Splunk Development; Building for the Splunk Platform; Splunk Platform Products; Splunk Enterprise; Splunk Cloud Platform; Splunk Data Stream Processor; Splunk Data Fabric Search; Splunk Premium Solutions; Security Premium. So I've been looking at the Splunk documentation here and. Splunk’s relative_time function takes in a value of start time and duration and returns a relative time value of time in epoch. Before going through the pin of converting epoch, maybe the "delta" command will do what you are looking to achieve. Splunk, Splunk>, Turn Data Into. Try to determine which one is the best fit. g. This works for me: | eval time = strftime(time, "%c")The answer lies in the difference between convert and eval, rather than between mktime () and strptime (). | makeresults | eval message= "Happy Splunking!!!"Using Splunk: Splunk Search: Convert epoch time from drilldown parameter; Options. If you want to see the epoch v. events:. . 0. 040875200Z" to epoch time for calculating difference and then to readable. Splunk, Splunk>, Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or. With daylight saving, CET is two hours ahead of UTC. Splunk ® Cloud Services SPL2 Search Manual Timestamps and time ranges Download topic as PDF Timestamps and time ranges Most events contain a timestamp. Solved! Jump to solution. BrowseAnytime! :) COVID-19 Response SplunkBase Developers DocumentationSolved: I struggle with converting a time stamp into a date. 210" |. Can anyone lend a hand? Thanks! How to convert epoch to local time? subtrakt. When an event is processed by Splunk software, its timestamp is saved as the default field _time. Security; Getting Data In; Knowledge Management; Monitoring Splunk; Using Splunk; Splunk Search; Reporting; Alerting; Dashboards &. You use date and time variables to specify the format that matches string. I want to convert my default _time field to UNIX/Epoch time and have it in a different field. I'm trying to change the "apiStartTime" which is in the following format 'Sat Mar 5 00:00:00 2016' including the apostrophes to an epoch time so I can perform some date calculations. Any help is appreciated. Considering converting from epoch is one of the most common Splunk questions of all time, considering this page has 46k views, and considering that each and every answer is entirely incorrect (and the actual question itself is misleading) this page is desperately in need of removal. The Unix epoch (or Unix time or POSIX time or Unix timestamp) is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (in ISO 8601: 1970-01-01T00:00:00Z). Stack Overflow. I would like to keep just the date and ditch the. 1. bowesmana. . Thank you. So I've been looking at the Splunk documentation here and. . Valuable hint for all coming troubleshoots. Ex: index=bar sourcetype=foo earliest=1350538170 latest=1350538870 | more search commands. To be able to find the difference, both timestamp should be in epoch format. This dailyTime is an epoch time and i want to convert it into human readable time. If your date is not in UTC then you will need to convert. The rt field is a epoch computer time format. Too early on a Monday. UNIX time is the number of seconds that have elapsed since 00:00:00 Coordinated Universal Time (UTC), 1 January 1970. When used in a search, this function returns the UNIX time when the. You can convert ContextTimeStamp_decimal out of epoch time with: | convert ctime (ContextTimeStamp_decimal) All time stamp values are in UTC. Still a bit lost here So would I do this in transforms / props for example transforms [myeval] ingest_eval = epoch_time(strptime(processed_time, SplunkBase Developers Documentation BrowseHi . Subscribe to RSS Feed; Mark Topic as New; Mark Topic as Read; Float this Topic for Current User;. Proposed Solution: - Convert the field to epoch and run the sort command against the data set using the new epoch field. g. S tutorial for converting epoch time to hum. Solved! Jump to solution. Epoch times are in seconds, so if you want to display those as localised text based dates, you need to convert them. What are you using to display the data? Those base searches will only return raw results and not a stats/visualization. 12-02-2015 07:09 PM. Since your data is already indexed with the timestring in epoch seconds the easiest way to convert it would be to use the IFX field picker. 2013-05-03 12:23:34 to epoch (which is the time expressed as the number of seconds since midnight Jan 1, 1970). Tags: epoch. . The idea is that a user clicks on a field in a table row result, and the click opens a new tab to a separate dashboard w. Considering converting from epoch is one of the most common Splunk questions of all time, considering this page has 46k views, and considering that each and every answer is entirely incorrect (and the actual question itself is misleading) this page is desperately in need of removal. UPDATE: Ah, ziegfried has an important point. Try this to verify that it extracts the value correctly: Look for a new field called 'uploadTime' and verify that it has the correct value. _time is the epoch time or the number of seconds from Midnight January 1 1970 UTC. It'll only work if i am in the same timezone as the server, which is fine for me but not usually the case with others, and then the rest of the lines re-apply the timezone to double it. e. 531 AMAs of Splunk 6. In my splunk search for getting the date of Nessus plugins feed version used in a scan I get the number returned in the orginal format used of year-month-date-time (for example November 7th 2023 at 1200 would display as 202311071200) that I would like to convert into a readable format that I can then manipluate in splunk such as if i want to get the. I'm just not seeing the benefit to using an ISO string. For our use case, we are uploading the 'real world time' using time since Epoch (assigned to the _time property), and additionally upload a timestamp formatted as a date in local time field which Splunk interpets as a string. The canonical way to convert a datetime into epoch is to use: date "+%s" # for this moment's date date -d" some date" "+%s" # for a specific date. As part of our larger. The timestamp processor Solved: Is it possible to convert the following into an epoch timestamp using strptime; 2018-05-31T06:49:13Z Or will I need to use regex to rip out COVID-19 Response SplunkBase Developers Documentation Hi How to convert the time format "2016-12-07T09:33:33. You can always use the shortcut _time to convert timestamp out of epoch time. First you need to extract the time to upload as a field. If events. Convert Zulu time to epoch landzaat. It is the number of seconds that have elapsed since the Unix epoch, minus leap seconds; the Unix epoch is 00:00:00 UTC on 1 January 1970 (an arbitrary date); leap seconds are ignored,with a leap second having. Solution. Hi @Mus, thank you once more for taking the time to help me. For example, the result of the following function is 1001 : eval result = tostring (9, "binary") This is because the binary representation of 9 is 1001 . How to convert large epoch time to hours minutes and seconds ?. Training + Certification Discussions. conf to convert it to human readable. Splunk, Splunk>, Turn Data Into Doing, Data-to-Everything, and D2E are. Contributor 12-08-2014 09:43 AM. Use the eval command with mathematical functions. splunk date time difference. I'm running the below query to find out when was the last time an index checked in. How to convert epoch time with milliseconds into splunk at indexing time. Few examples below 7/24/2020 9:45:47 AM +05:30 7/23/2020 6:29:45 AM -05:00 7/24/2020 11:21:31 AM +07:00 7/24/2020 4:21:29 AM +00:00 I would like to find the differe. Subscribe to RSS Feed; Mark Topic as New; Mark Topic as Read; Float this Topic for Current User; Bookmark Topic;. Tags (1) Tags: Why mac. BrowseYes, Splunk and the source server may be in the same TZ, but epoch is always in UTC, which is why I figured that you may be in central Europe. All other brand names, product names, or trademarks belong to their respective owners. 82" "2016-08-25T13:13:38. Using ldapsearch queries in the splunk for windows ifnrastructure app, I am trying to convert the following fields timestamp which is the integer8 windows NT timestamp to epoch or other readable time after my query runs. Splunk, Splunk>, Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or. unable to convert time i guess. I think we're getting close :) 1406263182098 Fri,31 Dec 9999 23:59:59 1406263177094 Fri,31 Dec 9999 23:59:59I am unable to get this working too. Convert time to epoch time & time zone. Solved: Hi I need to Convert an #epoch time to #minutes any ideas please guys would be really grateful - Thanks There are a couple of ways to convert epoch time into a human-readable format, but first you must start with epoch time in seconds rather than milliseconds. M. This has converted the times to epoch. Awesome. Using %s to parse the epoch time ( in miliseconds) gives a gibberish date. Apps and Add-ons. Currently I have this host ="10. Assuming you dont need to do the hyph. Ex: Epoch time : 9386717. The strptime function doesn't work with timestamps that consist of only a month and year. It also assumes that you want to see this human readable time value in the current time zone of the user account that is currently logged in. COVID-19 Response SplunkBase Developers Documentation. Community is for Everyone! ️ Our incredible community is a vital part of Splunk’s customer. Assuming that your local PST time stamp field, myPSTtime had no time zone in it, and a date of "03/11/2017 13:21:17", you'd convert using a method like this run-anywhere code. Is there a way to use the props. g. 690" to a date in splunk. Is there a way to fix this so that Splunk understands the 18 characters? The source for the dashboard is the following:The problem is that you are setting earliest_time and latest_time - but Splunk does not know how to relate that to the _time field that you have defined in your lookup table. Convert it to some time format you prefer using eval and strftime. Community; Community; Splunk Answers. Convert this time format to epoch hagjos43. . Converters. It'll only work if i am in the same timezone as the server, which is fine for me but not usually the case with others, and then the rest of the lines re-apply the timezone to double it. I'm running the below query to find out when was the last time an index checked in. Is it possible to convert the "rt" field to a user-friendly format? I searched through some of the other questions but none really addressed this specific question. The computer knows its timezone and keeps its clock adjusted, so the timezone info is in. I'm trying to change the "apiStartTime" which is in the following format 'Sat Mar 5 00:00:00 2016' including the apostrophes to an epoch time so I can perform some date calculations. I'm trying to change the "apiStartTime" which is in the following format 'Sat Mar 5 00:00:00 2016' including the apostrophes to an epoch time so I can perform some date calculations. How do I perform this conversion from microseconds to a time unit in Splunk? Here. | eval utc_time = relative_time (epoch_time,strftime (epoch_time,"%z"). conf to convert it to human readable. 1540108800 = 8 AM on Sunday, 1540170000 = 1 AM on Monday. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. Don't use time formatting functions as they will take account of your time zone, but it's simple to do the. . hence replying link again. What setting should be placed in the props. How to convert epoch time with milliseconds into splunk at indexing time vrmandadi. 05-13-2014 11:58 AM. Example: |eval log_time=log_time/1000 |eval c_time=strftime(log_time,"%F %T") | table log_time, c_timeExamine the events in Splunk and note the sourcetype value listed below each event. _time is always stored in the Splunk indexes as an epoch time value. mstime () Syntax: mstime (<wc-field>) Description: Convert a [MM:]SS. In practice, Perl is often available:Subtracting DATE '1970-01-01' from the value will give the number of days (and fractional hours/minutes/seconds) difference and then you can multiply by 24*60*60: (date_value - DATE '1970-01-01')*24*60*60. What is the splunk query to convert java date format to yyyy-MM-dd. This moment in time is sometimes referred to as epoch time. Hello Splunk Community. As a result, and based on other Splunk Answers posts, I tried to catch these options with logical statements (if, case), but those. Convert NT Epoch Time with props. Splunk Data Stream Processor. This should be used in day today basis and how to convert timestamp in to date, month and year. However, you have couple of options. The current time now () is already epoch so you just need to convert (at least during calculation of different) createdate field to epoch. The epoch time is reflecting in the events,I am extracting using regex in the search and after that trying to convert the epoch time and use it in the search. Solved: Hi, i need to write a query that converts time format from minutes to format Xh Xmin Xs my query | eval finish_time_epoch = COVID-19 Response SplunkBase Developers Documentation BrowseThis Online Converter able to convert successfully. The data and time functions work on any field that is in epoch form. (Assuming your date format is in that type of time stamp). | eval humanTime = strftime(_time/1000, "%c") 09-04-2021 01:48 AM. Description. I have a time in the format of:COVID-19 Response SplunkBase Developers Documentation. <drilldo. Browse . . You need, then, to massage the string a bit before passing it to. Browse . convert unix time to human readable time. %T How to convert time to epoch time? What the best approach for this one? Mon 07/23/2018 17:19:01. xxx. You use date and time variables to specify the format that matches string. When parsing it need not be the full 6 digits. Hi, I wonder whether someone may be able to help me please. Hello Splunk Practitioners!In June, Splunk Customer Success introduced Product Adoption Boards -. You can specify the time format by timeforma t argument. Usage The now () function is often used with other data and time functions. If you want to see the actual epoch time value, you can use eval to create an epoch time representation instead: | eval time_epoch = strftime (_time, "%s") As @mdsnmss suggested, you could also do. ) Free Analyti. As i couldn't able to work with 13 Digits and when i changed form 13 Digits to 10 Digits it worked out well for me. I have this date string example: Mon, 01 May 2023 00:00:00 GMT how can I convert it to epoch? thanks!On Splunk Enterprise instances, if you need to modify timestamp extraction, specify the configuration on the indexers. . Converting UNIX timestamps into dates and times. Use time modifiers to customize the time range of a search or change the format of the timestamps in the search results. I have a file that I am monitoring has time in epoch format milliseconds . 2. somesoni2. I am looking to pass the a time range (-5m and +5m) relative to a row's _time value to another dashboard through the use of a drilldown but am having trouble getting this to work. I think you may have found a bug. Convert NT Epoch Time with props. | eval epoch1 = _time. conf. Browse . US Pacific Daylight Time, the timezone where Splunk Headquarters is located. Motivator 10-20-2015 01:41 AM. Thanks Anyways. . _time is always in Unix epoch time. 3, many of the form inputs can be extended to set / unset / eval tokens based on other tokens or their new values. sourcetype="adloader" | stats min(_time) AS earliest max(_time) AS latest by TransactionID | eval duration=latest-earliest | eval earliest=strftime(earliest,"%+") | table TransactionID earliest durationHI @Becherer,. 1 Solution. This seemed to work well, until it stopped working (we upgraded to Splunk 8 from 7 and I think this is when it stopped working. BrowseEpoch time conversion to time in Splunk. getTime ()/1000) (or see stack overflow for dozens of variations) 01-05-2016 03:45 AM. You can use a wildcard ( * ) character to specify all fields. Delta will compute the difference between nearby results using the value of a specific numeric field. Splunk stores times in UTC and then renders them in the user's selected zone. 08-26-2010 01:56 PM. %V - ISO week number of the year [1-53]. Thanks Anyways SplunkBase Developers DocumentationUsing Splunk: Splunk Search: Convert log time (epoch) to readable Date and time; Options. 01-09-2014 07:28 AM. 0. Thanks. I tried to add two new tokens to set the past window, but because the time picker can produce times in varying formats this didn't seem to work. Hello Friends, Welcome back to my channel. PS: Use eval tag to convert String time to Epoch using strptime() 3) Use tokens tokEarliest and tokLatest in your other searches in the dashboard which are epoch time. However, in using this query the output reflects a time format that is in EPOC format. To convert time strings from one format to another you must strptime() convert to epoch form and then use strftime(). Ways to Use the eval Command in Splunk. I tried to convert 1:00 AM and 8:00 AM to epoch time, and for some reason, the epoch time of 1:00 AM is greater than the epoch time of 8:00 AM. I would like to have a HTML label above the chart that. If you want to get super fancy and convert to your local timezone you can do so by knowing your UTC offset. I want to convert it to the local time zone, in this case CST or CDT. It also assumes that you want to see this human readable time value in the current time zone of the user account. You can specify the time format by timeformat argument. The generalized assumption in this question is that the formats cannot be known in advance or are too many to configure manually. Introduction Quick Reference Evaluation Functions Download topic as PDF Time modifiers Use time modifiers to customize the time range of a search or change the format of the. If you don’t specify AS clause with then old. This works perfectly. I'm calculating the diff between two dates in different formats which is working, unless the "start date" and "end date" are the same. "h") as it will convert offset to a 4 digit TZ offset (in my case +1100) and append h, so will do a relative_time addition of 1100 hours to my time, whereas it should be +11h. 2/7/18 3:35:10. 04-07-2023 12:56 PM. g. Is there a better java time variable to convert "0" in epoch into 0. datetime but it failed: >>> datetime. I am looking to format my current time to epoch time (as we need to calculate some math function on time) Time format for incidentEndTimeStr looks like this: 4/11/16 2:52 And used the eval command and strptime function below to change the format, but it doesn't work. However, in using this query the output reflects a time format that is in EPOC format. Options. index=ivz_onboarding_css_autosys source=Autosyscss1 | lookup timezonelookupdefine13+08:48:09. I have this on my log including epoch time, how I can convert the time next to msg to readable time. The _time field is different in that it IS epoch, but it is always shown in a text form. and i want the difference epoch time to be in human readable . Using Splunk: Splunk Search: How to convert time to strptime? Options. Handling Time" "Avg. converts a human readable date into an epoch/unix timestamp. Use timeformat option to specify exact format to convert from. Splunk does not have a function for converting time zones. BrowseCOVID-19 Response SplunkBase Developers Documentation. Multiplication by 86400 is to convert days into seconds (excel shows in days, epoch in seconds). Also that the time fields are not the ones that Splunk turns into _time or that we want to catch them before Splunk applies its own time conversion functions to the field. This number hit 1 million (1,000,000) in March of 1973, and will hit one billion (1,000,000,000) on Sun Sep 9 01:46:39 2001 UTC. . (Read Splunk Documentation and understand the difference between strptime() i. Kindly help | fields Day DOW "Call Volume" "Avg. 02-12-2020 11:41 PM. This is how the Time field looks now. 2/7/18 3:35:10. There are a couple of ways to convert epoch time into a human-readable format, but first you must start with epoch time in seconds rather than milliseconds. index=someindex. floor ( (new Date). Try this to verify that it extracts the value correctly: Look for a new field called 'uploadTime' and verify that it has the correct value. 01-10-2017 08:11 AM. BrowseYou can follow this document to set up a lookup: Use lookups in Splunk Web; per Define a CSV lookup in Splunk Web: CSV lookups are best for small sets of data. Splunk’s relative_time function takes in a value of start time and duration and returns a relative time value of time in epoch. It is not showing any value in the human readable time column. 0 Karma. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. . I tried below but that doesn't worked, base search |search Patch_date=latest(Patch_date) |table Patch_date,region,server,os_type,lo. Considering converting from epoch is one of the most common Splunk questions of all time, considering this page has 46k views, and considering that each and every answer is entirely incorrect (and the actual question itself is misleading) this page is desperately in need of removal. Your help will be greatly appreaciated. Epoch & Unix Timestamp Converter. I'm trying to get each users first logon of the day over a period of time. Description This function takes no arguments and returns the time that the search was started. I have a file that I am monitoring has time in epoch format milliseconds . Also that the time fields are not the ones that Splunk turns into _time or that we want to catch them before Splunk applies its own time conversion functions to the field. 10:55AM. I wish to work out the difference of these two times and then create an average of all the results - essentially this -> Average (Acknowledge_Date-Date_Created) Search. New Member 04-03-2019 08:45 AM. The first works fine , but getting it to use this for the event timestamp not. One thing I forgot is _time actually is already in epoch but just displayed human readable in Splunk UI. Deployment Architecture; Getting Data In;. Splunk Search: Re: Convert this time format to epoch; Options. 2 Karma. Searching the _time field. . Builder 03-26-2020 09:26 AM. 09-21-2017 04:57 PM. | eval newdatefield = strftimeCOVID-19 Response SplunkBase Developers Documentation. Note- The 'timestamp' ODATE is not the actual timestamp. Please keep in mind that the result will be changed tomorrow because the string is assuming date. This count starts at the Unix Epoch on January 1st, 1970 at UTC. Subscribe to RSS Feed; Mark Topic as New; Mark Topic as Read;. 405Z into a Splunk time format so I can get time windows to use in streamstats. One way to determine the time difference between two time zones is to take any date and treat is as a UTC time stamp and as an EST one and subtract their corresponding epoch times. addSeconds('1970-01-01T00:00:00Z', 1675667443)-----I think you may have found a bug. Training & Certification Blog. You can specify the time format by timeformat argument. 040875200Z" to epoch time for calculating difference and then to readable format?How would I convert from Unix Epoch time store as an INT to something that Splunk will recognise as DATETIME? Normally, in SQL I would use DATEADD();. I wish to work out the difference of these two times and then create an average of all the results - essentially this -> Average(Acknowledge_Date-Date_Created) SearchConvert time in CSV upload. relative_time expression meaning. I want to convert my default _time field to UNIX/Epoch time and have it in a different field. We want to convert that field in a desired. Deployment Architecture; Getting Data In; Installation;. 7 Python 2. The base for excel date time is 1/1/1900 and for epoch is 1/1/1970, the 25569 is the adjustment of dates (for 70 years). Solved: How to convert the date and time in the below format to epoch time? 201303140216 yyyymmddHHMM here hour and minute is in 12 hours clock, so. I want to use props. The UNIX Epoch Time timestamp, or the number of seconds since the Epoch: 1970-01-01 00:00:00 +0000 (UTC). Convert timepicker token to epoch time for eval, regardless of timepicker combination. Divide the time difference in epoch between 86400 and round it. I have a log event like this: Timestamp: 1477292160453180 537 The number 1477292160453180 is the number of microseconds since the Epoch: 1970-01-01 00:00:00 +0000 (UTC). Can somebody give me some guidance on how to correct this please? Tags (4)Splunk Cloud Platform; Splunk Data Stream Processor; Splunk Data Fabric Search; Splunk Premium Solutions; Security Premium Solutions; IT Ops Premium Solutions; Engineering Premium Solutions; Apps and Add-ons; All Apps and Add-ons; Discussions. Eval-based commands irrevocably alter the field's data while convert is more of a "visual gloss" in that the field retains the original data and only the view/UI shows the converted value. I'm trying to change the "apiStartTime" which is in the following format 'Sat Mar 5 00:00:00 2016' including the apostrophes to an epoch time so I can perform some date calculations. Can anyone help me convert these to epoch time and then subtract 2018-03-29 10:54:55. Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction. Since Splunk uses 32-bit epoch time, events after 2038 cannot be indexed. That shows the desired five but there might be a better way. The timestamp processorSolved: Is it possible to convert the following into an epoch timestamp using strptime; 2018-05-31T06:49:13Z Or will I need to use regex to rip out. Description This function takes no arguments and returns the time that the search was started. Ex: Epoch time : 9386717. 430000 instead of the correct. That is, we're converting a epoch time into a string. You can use any UNIX time converter to convert the UNIX time to either GMT or your local time. 04-26-2016 12:07 PM. Any help is appreciated. About; Products. Community. 05-13-2014 11:58 AM.