
Convert timestamp on Kibana

New Contributor

Hi everyone,

I want Kibana to show the standard datetime format. I push Bro logs via the Bro Kafka plugin, but it shows the timestamp format. Can you help me?


Re: Convert timestamp on Kibana

Rising Star

You need to tell Elasticsearch to treat that field as a date. Once Elasticsearch knows that it is a date, then Kibana will display it properly.

The Elasticsearch template for Bro that is shipped with Metron can be used as a guide. The template already handles this situation [1]. Either directly install that template or create your own template using Metron's as a guide.

  • You can either define it specifically for one field, like this.
  • Or specify multiple fields that should be treated as dates, like this.

Also, note that the change will only take effect after the index rolls. If the indices roll every hour, then you need to wait until the next hour to see the change. Or if your data is disposable, just delete the index and see your change take effect immediately.
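A check for the point above that a template change only reaches indices created after it, as an added example that is not part of the original reply and not Metron's own code: it reads the parsed JSON body of `GET <index-pattern>/_mapping` and lists the indices where `timestamp` is still not mapped as `date`. The index names, the `bro_doc` type name and the sample mapping are constructed for illustration.

```python
import json


def field_types(mapping_response, field="timestamp"):
    """Return {index_name: mapped type, or None if the field is unmapped}."""
    result = {}
    for index, body in mapping_response.items():
        mappings = body.get("mappings", {})
        # Newer Elasticsearch releases put "properties" directly under
        # "mappings"; older ones nest it under a document type name.
        if "properties" in mappings:
            type_bodies = [mappings]
        else:
            type_bodies = [v for v in mappings.values() if isinstance(v, dict)]
        found = None
        for type_body in type_bodies:
            spec = type_body.get("properties", {}).get(field)
            if spec is not None:
                # A field holding sub-fields carries no "type" key.
                found = spec.get("type", "object")
        result[index] = found
    return result


def indices_not_date(mapping_response, field="timestamp"):
    """Indices that Kibana will still render as a raw number for `field`."""
    types = field_types(mapping_response, field)
    return sorted(name for name, t in types.items() if t != "date")


# Constructed sample of a _mapping response: one index created before the
# template change, two created after it (typed and typeless layouts).
SAMPLE = {
    "bro_index_hour_10": {"mappings": {"bro_doc": {"properties": {
        "timestamp": {"type": "long"},
        "ip_src_addr": {"type": "ip"}}}}},
    "bro_index_hour_11": {"mappings": {"bro_doc": {"properties": {
        "timestamp": {"type": "date", "format": "epoch_millis"}}}}},
    "bro_index_hour_12": {"mappings": {"properties": {
        "timestamp": {"type": "date"}}}},
}

if __name__ == "__main__":
    print(json.dumps(field_types(SAMPLE), indent=2))
    print("still not date:", indices_not_date(SAMPLE))
```

An index that shows up in the second list was created before the template applied, so it keeps its old mapping until it rolls or is deleted and recreated. Kibana's index pattern also caches field types and may need its field list refreshed after the mapping changes.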

Re: Convert timestamp on Kibana

New Contributor

Hi @nallen. Thank you for your reply. I tried to change "format": "strict_date_optional_time||epoch_millis" and deleted the index, but Kibana doesn't display it properly.

Re: Convert timestamp on Kibana

Contributor

@Lee Adrian @nallen I also ran into the same issue. I changed the Elasticsearch templates as well as the Storm parser for each data type, but it's still epoch_millis. I wonder, do I need to change the sensor configuration itself? The epoch time is not useful to the users b/c they have to convert it.

Re: Convert timestamp on Kibana

New Contributor

@Lee Adrian I managed to convert the timestamp in Metron Kibana. What I did was add the below parser config in the Metron sensor settings.

PARSER CONFIG

timestampField - timestamp

If you need more details, feel free to contact me.
