I've got a box running Kibana and Elasticsearch, with the information being handed across by fluentd. It's all working pretty well, and I've moved on to pushing Windows events through - which is where I'm struggling.
I'm using nxlog on a windows machine, and it's pushing the data directly to elasticsearch - unfortunately I cannot for love nor money get the date to be handled as a date, rather than a string; the nxlog output is:
Exec set_http_request_path(strftime($EventTime, "/windowsevents-%Y.%m.%d/" + $SourceModuleName)); delete($EventReceivedTime); rename_field("timestamp","@timestamp"); to_json();
I create a new index with a pattern of *windowsevents*\*, but the *EventTime* field is stated as a string, not a date - so I can't sort data by age. *@timestamp* clearly isn't getting populated, as the *timestamp* field isn't being used. Has anyone used a similar setup? Is there a way to push the data on as a date?
Apologies if I've missed out pertinent information - it's all a bit new to me.