Timebased events for JSON POSTs

mkaka · February 26, 2019, 2:13am

Hello,

How can I create time based events in Kibana when I post something to elastic search?

How and What I am posting:

Function takes Json input in a loop.

def file_shipper(host_facts):
ES_HOST = "exampleelasticsearch"
es = Elasticsearch(host=ES_HOST)
index = "test"

es_index = IndicesClient(es)
if es_index.exists(index):
print(f"{index} already exists, skipping creation")
else:
es_index.create(index)
print(f"{index} is created")

req = requests.post(f'https://{host}/test/test',data=host_facts, verify=False)
print(req)

host_facts looks like this

{
"_index": "test",
"_type": "test",
"_id": "AWjom6txnKgMFUMColSE",
"_score": 1,
"_source": {
"ip": "10.40.220.134",
"hostname": "ARISTA-01-L3",
"vendor": "Arista",
"model": "DCS-7160-48YC6-F",
"os_version": "4.20.11M-10590868.42011M",
"uptime": 4243232,
"cpu": {
"0": {
"%usage": 14.1
}
},
"latency": {
"AWS-END-POINT": {
"RTT": 17.562,
"packetloss": 0
},
"SG2-END-POINT": {
"RTT": 0.33,
"packetloss": 0
}
},
"@timestamp" : October 24th 2018, 10:20:45.67
}
}
Question:
on kibana I'm not able to create timebased events, it works if I uncheck time based events. How can I populate timestamp correctly, so that I can create timebased events?

Thanks in advance!

thomasneirynck · February 27, 2019, 6:56pm

Kibana requires the timefield to actual have a date field-type in Elasticsearch.

Ensure that your Elasticsearch index uses a Date data-type (https://www.elastic.co/guide/en/elasticsearch/reference/current/date.html) for that @timestamp.

So verify your mapping is correct there in Elasticsearch. If not, you will have to set the mapping explicitly on your index, before adding documents.

system · March 27, 2019, 6:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.