Hello guys,
i hope you are doing well,
so i'm facing a problem on the elastic siem app after parsing my logs and migrating them to ecs by logstash.
the problem is the following error on the host/ event view :
Data Fetch Failure
Invalid time value
but not on all my indexes just one of them i tried to rebuild timestamps but i still have this error.
if just someone could tell me the source of this one
thanks in the advance
We are not all guys here 
Make sure all indexes used by SIEM app all have @timestamp field of type date
Under Stack Management >> Advanced Setting
Hi Yassine,
thanks but the thing is all my indices have type date for the @timestamp field (same mapping)
Can you post an example? maybe it's a format problem?
Hi borna
Problem resolved.
it was an unstructured event.start format
Thanks
Thanks for posting that your problem was solved. I really 
the forums because of all the users always post their solution and what solved their problems for others to see.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
