Kibana date issues?

motts · October 23, 2018, 9:34pm

Hello,

I have some dates entered into ES, but when they are queried in Kibana, I get some funky numbers representing the dates. I am trying to filter out all the dates but October in this case, but can't seem to do that. Here is a sample

October 9th 2018, 13:11:22.519 (has this query)

{
  "query": {
    "match": {
      "EventTime": {
        "query": 1539105082519,
        "type": "phrase"
      }
    }
  }
}

In this example, I cannot type "EventTime:October*" for instance to get only October to show. The windows events were imported from a .evtx file and not in real time, otherwise I'd use that time it got into ES.

Any help would be appreciated

warkolm · October 24, 2018, 9:52am

What sort of numbers?
How is the EventTime field mapped?

motts · October 24, 2018, 1:07pm

The query number represents the date. The "EventTime" field is set up as a date field, according to kibana.

Here is a snip of that

motts · October 24, 2018, 8:15pm

I found a workaround for the moment. I changed the Index Pattern to look at the EventTime field for Time Based events instead of the @timestamp field.

system · November 21, 2018, 8:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.