Elastic SIEM "Data Fetch Failure Invalid time value"

soufiane_adn · September 21, 2020, 3:33pm

Hello guys,
i hope you are doing well,
so i'm facing a problem on the elastic siem app after parsing my logs and migrating them to ecs by logstash.
the problem is the following error on the host/ event view :
Data Fetch Failure
Invalid time value
but not on all my indexes just one of them i tried to rebuild timestamps but i still have this error.
if just someone could tell me the source of this one

thanks in the advance

ylasri · September 21, 2020, 3:43pm

We are not all guys here
Make sure all indexes used by SIEM app all have @timestamp field of type date

Under Stack Management >> Advanced Setting

soufiane_adn · September 21, 2020, 4:50pm

Hi Yassine,
thanks but the thing is all my indices have type date for the @timestamp field (same mapping)

borna_talebi · September 21, 2020, 5:30pm

Can you post an example? maybe it's a format problem?

soufiane_adn · September 23, 2020, 11:16am

Hi borna
Problem resolved.
it was an unstructured event.start format
Thanks

Frank_Hassanabad · September 25, 2020, 2:07pm

Thanks for posting that your problem was solved. I really the forums because of all the users always post their solution and what solved their problems for others to see.

Topic		Replies	Views
Kibana SIEM Function: Failed to Parse Date field? (Epoch Time) SIEM	9	1169	August 25, 2020
Wrong hosts last event elastic siem SIEM	1	328	August 30, 2021
Shards failed warning on Network dashboard in SIEM app SIEM	9	2108	March 31, 2020
Timeline result of events not showing SIEM	9	1520	June 24, 2021
ES Error on logstash syslog input - Invalid date format Elasticsearch	3	887	July 6, 2017

Elastic SIEM "Data Fetch Failure Invalid time value"

Related topics