foospidy/HoneyPy

Elasticsearch Kibana date time parsing

hutchris opened this issue · 2 comments

The date_time field is in the wrong format for kibana to automatically format as a date. It will consequently only use the date field for datetime and all docs end up being displayed as occurring at the same time.

I managed to work around this by modifying the lib/honeypy_elasticsearch.py file. I added "from datetime import datetime" and added this line within the post_elasticsearch function:

from datetime import datetime  # import added at the top of lib/honeypy_elasticsearch.py

# reparse HoneyPy's "YYYY-MM-DD HH:MM:SS" string and emit ISO 8601 ("YYYY-MM-DDTHH:MM:SS") so Elasticsearch maps it as a date
date_time = datetime.strptime(date_time, "%Y-%m-%d %H:%M:%S").isoformat()

Submit this as a pull request! I guess changing honeypy_elasticsearch.py is the simplest way to mitigate this, especially since Kibana is a product of Elastic, and, per the Elasticsearch documentation, dates should be formatted as hutchris suggests. https://www.elastic.co/guide/en/elasticsearch/reference/current/date.html

Pull request has been merged, thanks for your help!

#14
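The thread above describes the fix as a single one-liner. The following is an added example (not HoneyPy's own code and not the merged pull request) that shows the full conversion a practitioner would want around that line: it turns HoneyPy's "YYYY-MM-DD HH:MM:SS" timestamp into an ISO 8601 string that Elasticsearch's default date format (strict_date_optional_time||epoch_millis) accepts, checks the result against a regex that approximates that format, rejects malformed input instead of silently indexing a bad string, and confirms that events no longer collapse onto one timestamp. The sample events are constructed for the example; the assumption that HoneyPy's timestamps are in UTC is an assumption of this example (attach whatever offset the sensor actually uses), and the function and constant names are mine, not HoneyPy's.

```python
import re
from datetime import datetime, timezone

# Format HoneyPy writes into the date_time field (per the issue text above).
HONEYPY_DATETIME_FORMAT = "%Y-%m-%d %H:%M:%S"

# Approximation of Elasticsearch's strict_date_optional_time: a date, optionally
# followed by 'T' and a time with optional fraction and optional zone offset.
# This is a checking aid for the example, not Elasticsearch's own parser.
ES_DATE_OPTIONAL_TIME_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}"
    r"(T\d{2}:\d{2}:\d{2}(\.\d{1,9})?(Z|[+-]\d{2}:\d{2})?)?$"
)


def es_date_parsable(value: str) -> bool:
    """True if value matches the (approximated) default Elasticsearch date format."""
    return ES_DATE_OPTIONAL_TIME_RE.match(value) is not None


def to_es_datetime(date_time: str, tz=timezone.utc) -> str:
    """Convert a HoneyPy date_time string to ISO 8601 with an explicit offset.

    Assumption (this example, not HoneyPy): timestamps are UTC unless tz is given.
    Raises ValueError on input that does not match HoneyPy's format, so a corrupt
    or injected value is rejected rather than indexed as an unparsable string.
    """
    parsed = datetime.strptime(date_time, HONEYPY_DATETIME_FORMAT)
    return parsed.replace(tzinfo=tz).isoformat()


def convert_event(event: dict) -> dict:
    """Return a copy of a HoneyPy event with date_time rewritten for Elasticsearch.

    The original string is kept in date_time_raw for forensic traceability.
    """
    converted = dict(event)
    converted["date_time_raw"] = event["date_time"]
    converted["date_time"] = to_es_datetime(event["date_time"])
    return converted


def distinct_timestamps(events: list) -> int:
    """Number of distinct date_time values in a list of events."""
    return len({e["date_time"] for e in events})


# Constructed sample events in HoneyPy's shape (not real honeypot data).
SAMPLE_EVENTS = [
    {"date": "2017-03-01", "date_time": "2017-03-01 14:22:05", "remote_host": "203.0.113.5", "service": "Echo"},
    {"date": "2017-03-01", "date_time": "2017-03-01 14:22:19", "remote_host": "203.0.113.5", "service": "Echo"},
    {"date": "2017-03-01", "date_time": "2017-03-01 16:40:00", "remote_host": "198.51.100.9", "service": "TCP"},
]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print("raw:", ev["date_time"], "parsable:", es_date_parsable(ev["date_time"]))
    converted = [convert_event(ev) for ev in SAMPLE_EVENTS]
    for ev in converted:
        print("iso:", ev["date_time"], "parsable:", es_date_parsable(ev["date_time"]))
    print("distinct timestamps after conversion:", distinct_timestamps(converted))
```

Before conversion every date_time fails the date check, which is why Kibana fell back to the day-granularity date field; after conversion each event carries its own parsable instant, so timeline views of honeypot activity separate connections that happened seconds apart. Keeping date_time_raw is optional but cheap, and it preserves the exact string the sensor wrote if the mapping or timezone assumption ever needs to be audited.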