Sridhar
(Sridhar B)
June 2, 2020, 7:58am
1
Hi all,
Below is the PowerShell script I use to try to push the data to Elasticsearch. I'm able to do that, but the @timestamp field is loaded as a string. Please help me: what exactly am I missing? I'm not using Logstash; I need to manage everything in PowerShell.
```powershell
$hstnme = Hostname
$Time = (get-date).tostring("dd-MM-yyyy HH:mm:ss z")

# Memory in use, as a percentage of total visible memory
$ComputerMemory = Get-WmiObject -Class WIN32_OperatingSystem
$Memory = ((($ComputerMemory.TotalVisibleMemorySize - $ComputerMemory.FreePhysicalMemory)*100)/ $ComputerMemory.TotalVisibleMemorySize)

# Average CPU load across processors
$CPUFull = (Get-WmiObject -class win32_processor | Measure-Object -property LoadPercentage -Average)
$CPU = $CPUFull.Average

$diskdetails = Get-WmiObject win32_logicaldisk | select name,freespace,size,@{Name='Used %';Expression={100-($_.freespace / $_.size)*100}}

# Status of each service named in C:\serv.txt
$services = Get-Content "C:\serv.txt"
$serv = foreach ($serv in $services) {
    get-service $serv | select Name,Status
}

$Object = New-Object PSObject -Property ([ordered]@{
    "@timestamp" = (get-date).tostring("dd-MM-yyyy HH:mm:ss z")
    "Hostname" = $hstnme
    "CPU" = $CPU
    "Memory" = $Memory
    "Disk" = $diskdetails
    "Services" = $serv
})
$jobj = $Object | convertTo-Json

# One index per day
$dte = (Get-Date).tostring("MM-dd-yyyy")
$url = "http://1.2.3.4:9200/lndex-$dte/stats"
Invoke-RestMethod -Method Post -Uri $url -ContentType 'application/json' -Body $jobj -ErrorAction Stop | Out-Null
```
Thanks,
forloop
(Russ Cam)
June 3, 2020, 5:54am
2
This format is not one that will be inferred by Elasticsearch to be a `date` field data type using the default format of a `date` data type.

You have a couple of options:

1. Create a mapping when creating the index that defines the `@timestamp` field explicitly as a `date` type and provides a format that matches the one you'll be sending
2. Use a date format that will be inferred to be `date` type by Elasticsearch. For example, if you change to

   ```powershell
   "@timestamp" = (get-date).tostring("yyyy-MM-dd'T'HH:mm:sssz")
   ```

   Then it will be mapped as a `date` datatype. You can check this by performing a `GET` request on the index.

Personally, I would go with option 2, unless you have a compelling reason to use a different format.

An aside, you may be interested in using the Elastic.Console PowerShell module to index this into Elasticsearch. The script would look like
```powershell
$hstnme=Hostname
$ComputerMemory = Get-WmiObject -Class WIN32_OperatingSystem
$Memory = ((($ComputerMemory.TotalVisibleMemorySize - $ComputerMemory.FreePhysicalMemory)*100)/ $ComputerMemory.TotalVisibleMemorySize)
$CPUFull = (Get-WmiObject -class win32_processor | Measure-Object -property LoadPercentage -Average)
$CPU = $CPUFull.Average
$diskdetails = Get-WmiObject win32_logicaldisk |select name,freespace,size,@{Name='Used %';Expression={100-($_.freespace / $_.size)*100}}
$services = Get-Content "C:\serv.txt"
$serv = foreach ($serv in $services) {
    get-service $serv | select Name,Status
}
$body = @{
    "@timestamp" = (Get-Date).ToString("o")
    "Hostname" = $hstnme
    "CPU" = $CPU
    "Memory" = $Memory
    "Disk" = $diskdetails
}
$dte=(Get-Date).tostring("MM-dd-yyyy")
$url = "http://1.2.3.4:9200/lndex-$dte"
es $url -Body $body -ErrorAction Stop | Out-Null
```
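The two options from the answer above combined in one script, as an added example that is not part of the original thread: it declares `@timestamp` as a `date` explicitly (option 1), sends an ISO 8601 UTC timestamp (option 2), and reads the mapping back to confirm the type. It assumes Elasticsearch 7 or later (typeless `_doc` endpoint); `$EsUrl`, the `stats-` index prefix and the `-Send` switch are placeholders chosen for this example.

```powershell
# Added example. $EsUrl, the 'stats-' prefix and -Send are placeholders, not values from the thread.
# Assumes Elasticsearch 7+ (typeless _doc endpoint).
param(
    [string]$EsUrl = 'http://localhost:9200',
    [switch]$Send   # without -Send the script only prints the JSON it would send
)

function New-StatsDocument {
    # ISO 8601 in UTC with millisecond precision; this matches the default
    # strict_date_optional_time format of the Elasticsearch date type.
    $ts = (Get-Date).ToUniversalTime().ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'")
    [ordered]@{
        '@timestamp' = $ts
        'Hostname'   = [Environment]::MachineName
    }
}

$index = 'stats-' + (Get-Date).ToUniversalTime().ToString('yyyy.MM.dd')

# Option 1: declare the field type instead of relying on date detection.
$mapping = @{
    mappings = @{
        properties = @{
            '@timestamp' = @{ type = 'date'; format = 'strict_date_optional_time' }
        }
    }
} | ConvertTo-Json -Depth 5

$doc = New-StatsDocument | ConvertTo-Json -Depth 5

if (-not $Send) {
    $mapping
    $doc
    return
}

try {
    Invoke-RestMethod -Method Put -Uri "$EsUrl/$index" -ContentType 'application/json' -Body $mapping | Out-Null
} catch {
    # A 400 here normally means the daily index already exists; anything else is fatal.
    if ([int]$_.Exception.Response.StatusCode -ne 400) { throw }
}
Invoke-RestMethod -Method Post -Uri "$EsUrl/$index/_doc" -ContentType 'application/json' -Body $doc | Out-Null

# Read the mapping back; an index created earlier by a string-formatted
# timestamp keeps its text mapping, and this check catches that case.
$m = Invoke-RestMethod -Method Get -Uri "$EsUrl/$index/_mapping"
$type = $m.$index.mappings.properties.'@timestamp'.type
if ($type -ne 'date') { throw "Field @timestamp in $index is mapped as '$type', expected 'date'" }
"Field @timestamp in $index is mapped as date"
```

An existing field mapping cannot be changed in place, so an index that already holds the string-mapped field has to be recreated or reindexed before the check passes.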
system
(system)
Closed
July 1, 2020, 5:54am
3
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.