I have a JSON data of pcap file as shown in
I want to see data with checked time at "Index contains time-based events" along with pcap time frame.
Hi @Gurram_Vinay,
in order to be able to select a field as the time-field in Kibana it has to have the date type in the mapping. Looking at the time fields in the JSON samples you posted you would probably have to preprocess them during ingestion in order for Elasticsearch to parse it correctly as timestamps.
Another option might be to use Packetbeat to ingest the pcap files directly. With that you would also gain access to preconfigured example dashboards in Kibana.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
