Date format is in string

Hi all,
Below is the PowerShell script I use to push the data to Elasticsearch. I'm able to do that, but the @timestamp field is loaded as a string. Please help me; what exactly am I missing? I'm not using Logstash; everything needs to be managed in PowerShell.

$hstnme=Hostname
$Time = (get-date).tostring("dd-MM-yyyy HH:mm:ss z")
$ComputerMemory =  Get-WmiObject -Class WIN32_OperatingSystem
$Memory = ((($ComputerMemory.TotalVisibleMemorySize - $ComputerMemory.FreePhysicalMemory)*100)/ $ComputerMemory.TotalVisibleMemorySize)
$CPUFull = (Get-WmiObject -class win32_processor | Measure-Object -property LoadPercentage -Average)
$CPU = $CPUFull.Average
$diskdetails = Get-WmiObject win32_logicaldisk |select name,freespace,size,@{Name='Used %';Expression={100-($_.freespace / $_.size)*100}}
$services = Get-Content "C:\serv.txt"
$serv = foreach ($serv in $services){
get-service $serv | select Name,Status
}
$Object = New-Object PSObject -Property ([ordered]@{ 

		"@timestamp"  = (get-date).tostring("dd-MM-yyyy HH:mm:ss z")
		"Hostname"      = $hstnme
		"CPU"                = $CPU
		"Memory"        = $Memory
		"Disk"              = $diskdetails
		"Services"        = $serv 
})
$jobj = $Object | convertTo-Json
$dte=(Get-Date).tostring("MM-dd-yyyy")
$url = "http://1.2.3.4:9200/lndex-$dte/stats"
Invoke-RestMethod -Method Post -Uri $url -ContentType 'application/json' -Body $jobj -ErrorAction Stop | Out-Null

Thanks,

This format is not one that will be inferred by Elasticsearch to be a date field data type using the default format of a date data type.

You have a couple of options

  1. Create a mapping when creating the index that defines the @timestamp field explicitly as a date type and provides a format that matches the one you'll be sending

  2. Use a date format that will be inferred to be date type by Elasticsearch. For example, if you change to

"@timestamp"  = (get-date).tostring("yyyy-MM-dd'T'HH:mm:sssz")

Then it will be mapped as a date datatype. You can check this by performing a GET request on the index.

Personally, I would go with option 2, unless you have a compelling reason to use a different format.


An aside, you may be interested in using the Elastic.Console PowerShell module to index this into Elasticsearch. The script would look like

$hstnme=Hostname
$ComputerMemory =  Get-WmiObject -Class WIN32_OperatingSystem
$Memory = ((($ComputerMemory.TotalVisibleMemorySize - $ComputerMemory.FreePhysicalMemory)*100)/ $ComputerMemory.TotalVisibleMemorySize)
$CPUFull = (Get-WmiObject -class win32_processor | Measure-Object -property LoadPercentage -Average)
$CPU = $CPUFull.Average
$diskdetails = Get-WmiObject win32_logicaldisk |select name,freespace,size,@{Name='Used %';Expression={100-($_.freespace / $_.size)*100}}
$services = Get-Content "C:\serv.txt"
$serv = foreach ($serv in $services) {
    get-service $serv | select Name,Status
}

$body = @{ 
    "@timestamp"  = (Get-Date).ToString("o")
    "Hostname"    = $hstnme
    "CPU"         = $CPU
    "Memory"      = $Memory
    "Disk"        = $diskdetails
}

$dte=(Get-Date).tostring("MM-dd-yyyy")
$url = "http://1.2.3.4:9200/lndex-$dte"

es $url -Body $body -ErrorAction Stop | Out-Null
1 Like
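
The check suggested in the answer above (a GET request on the index to see how @timestamp was mapped), as an added PowerShell example that is not part of the original posts. The two mapping responses are constructed samples, and `Get-EsFieldType` and `Test-EsDateField` are hypothetical helper names; the code reads both the typed response shape (as with the `stats` type in the question's URL) and the typeless shape returned by Elasticsearch 7 and later.

```powershell
# Constructed sample responses from GET <index>/_mapping (not real cluster output).
# Typed shape, index created from the "dd-MM-yyyy HH:mm:ss z" documents:
$typedJson = '{"lndex-01-02-2019":{"mappings":{"stats":{"properties":{"@timestamp":{"type":"text"},"CPU":{"type":"float"}}}}}}'
# Typeless shape, index created from ISO 8601 documents:
$typelessJson = '{"lndex-01-03-2019":{"mappings":{"properties":{"@timestamp":{"type":"date"},"CPU":{"type":"float"}}}}}'

function Get-EsFieldType {
    param(
        [Parameter(Mandatory)] $MappingResponse,  # object parsed from the _mapping JSON
        [Parameter(Mandatory)] [string] $Field
    )
    foreach ($index in $MappingResponse.PSObject.Properties) {
        $mappings = $index.Value.mappings
        # Typeless: "properties" sits directly under "mappings"; typed: under the type name.
        if ($mappings.PSObject.Properties['properties']) {
            $candidates = @($mappings)
        } else {
            $candidates = @($mappings.PSObject.Properties | ForEach-Object { $_.Value })
        }
        foreach ($m in $candidates) {
            if (-not $m.properties) { continue }   # type with no fields mapped yet
            $hit = $m.properties.PSObject.Properties[$Field]
            if ($hit) {
                [pscustomobject]@{ Index = $index.Name; Field = $Field; Type = $hit.Value.type }
            }
        }
    }
}

function Test-EsDateField {
    param($MappingResponse, [string] $Field = '@timestamp')
    $found = @(Get-EsFieldType -MappingResponse $MappingResponse -Field $Field)
    # True only when the field exists and every index maps it as "date".
    ($found.Count -gt 0) -and (@($found | Where-Object { $_.Type -ne 'date' }).Count -eq 0)
}

Get-EsFieldType -MappingResponse ($typedJson | ConvertFrom-Json) -Field '@timestamp'
Get-EsFieldType -MappingResponse ($typelessJson | ConvertFrom-Json) -Field '@timestamp'

if (-not (Test-EsDateField ($typedJson | ConvertFrom-Json))) {
    Write-Warning '@timestamp is not mapped as date; the index keeps that mapping until it is recreated.'
}

# Against a live cluster, pass the parsed response instead of the samples:
#   Test-EsDateField (Invoke-RestMethod -Method Get -Uri "http://1.2.3.4:9200/lndex-$dte/_mapping")
```

A field's mapping type cannot be changed on an existing index, so an index that already mapped @timestamp as text keeps doing so after the timestamp format is corrected. The new format takes effect on a newly created index.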
