im_msvistalog EventTime being sent as String to ElasticSearch

#1 chris.bowen

I'm attempting to demo nxlog and running into a problem where the Windows Server 2016 event logs are being sent to AWS ElasticSearch Service with the EventTime being a string. This basically renders it impossible to index the logs, as the Kibana board requires a time-field name and is not recognizing the string as a datetime. Any suggestions on this, or is this a potential bug with Server 2016?

#2 b0ti Nxlog ✓

It's very unlikely that this is due to Windows 2016. Perhaps there is something in your config that converts it to a string, but it's hard to tell the cause without that.