问题描述
我正在上传一个XML,其中一个字段是dailyTime。这个DailyTime是一个纪元时间,我想将其转换为人类可读的时间。
myObjectList.stream().collect(Collectors.toMap(//how to extract key here?,Function.identity()));我的props.conf是
<globalView id="108" version="17" recordClassName="normalizedEvent" retention="0" hourly="-1" hourlyTime="1284336038994" daily="-1" dailyTime="1284336038994" intervalMilliseconds="60000" writeUniqueCountersTime="0">
<criteria bop="AND">
<left>
<expr>
<interval serialization="custom">
<com.q1labs.ariel.Interval>
<short>5000</short>
<boolean>true</boolean>
<short>5000</short>
<boolean>true</boolean>
</com.q1labs.ariel.Interval>
</interval>
</expr>
<key class
解决方法
通常,您会从时间戳(即纪元时间)转换为搜索中人类可读的内容
赞:
index=ndx sourcetype=srctp earliest=-4h
| stats max(_time) as rtime min(_time) as etime by fieldA
| sort 0 - rtime + fieldA
| eval rtime=strftime(rtime,"%c"),etime=strftime(etime,"%c")
| rename rtime as "Most Recent" etime as "Earliest"
Splunk strftime文档:https://docs.splunk.com/Documentation/Splunk/8.0.6/SearchReference/DateandTimeFunctions#strftime.28X.2CY.29
strptime和strftime的其他格式信息:https://strftime.org