Hello,
I am currently extracting a field from some event which looks like
Start_Time_ms=1277221722297
My event has no timestamp and this is the only time-related data I have, so I am trying to convert this to a readable date format (ie mm/dd/yy hh:mm:ss). I noticed that people have asked similar questions but all the answers seems to suggest to do this within the search command. However I was hoping to manipulate this number in a config file so that I would have a timestamp for my events. Are these types of operations possible? Or do I need to pre-process the data (again :< )? It would be cool if Splunk supported converting Epoch -> to date.
well thanks in advance.
... View more