Hi,
You don't need to convert "_time" values to Unix timestamps in order to use Time Series Forecasting in the Machine Learning Toolkit.
If you use the "predict" command, then it needs to be preceded by the "timechart" command. See: https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Predict
There is no such requirement for the ARIMA algorithm: https://docs.splunk.com/Documentation/MLApp/3.1.0/User/ForecastTimeSeries
You can always modify the format of the time values after you perform the forecasting.
Please refer to the time-series forecasting showcases available in the app for more examples.