Dealing with no timestamp (Bro integration)

DigiAngel · September 13, 2016, 9:42pm

Yea this is just testing and they are really small (like...187k). So here's my line:

PUT /_template/bro_template
{
  "template": "bro-*",
    "mappings": {
        "bro_ts": {
          "properties": {
            "ts": {
              "type": "date",
              "format": "epoch_millis"
            }
        }
      }  
  }
}

Fingers crossed that this works!

Topic		Replies	Views
Date in index name using sense Elasticsearch	5	573	July 5, 2017
Adding @timestamp to ES index turns in no results on kibana Kibana	5	2394	May 18, 2018
Adding a new field to an index Elasticsearch	6	1084	November 4, 2022
Mapping definition help (copy_to, dates) Elasticsearch	3	1242	July 6, 2017
ES timestamp index not working while creating index Elasticsearch	4	1969	June 29, 2018

Dealing with no timestamp (Bro integration)

Related Topics