Dealing with no timestamp (Bro integration)

DigiAngel · September 13, 2016, 9:42pm

Yea this is just testing and they are really small (like...187k). So here's my line:

PUT /_template/bro_template
{
  "template": "bro-*",
    "mappings": {
        "bro_ts": {
          "properties": {
            "ts": {
              "type": "date",
              "format": "epoch_millis"
            }
        }
      }  
  }
}

Fingers crossed that this works!

Topic		Replies	Views
Add the current date in mapping elasticsearch Elasticsearch	8	7909	July 5, 2017
ES 6.3 doesnot pickup date type feilds Elasticsearch	4	424	September 3, 2018
Date in index name using sense Elasticsearch	5	573	July 5, 2017
Index document with Linux CLI curl and custom document timestamp Elasticsearch	1	778	July 12, 2017
Add date to each new created entry in Elasticsearch Elasticsearch	1	557	July 5, 2017

Dealing with no timestamp (Bro integration)

Related topics