Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to show event time rather than ingestion time #130

Open
JTMosaic opened this issue Dec 18, 2023 · 0 comments
Open

Add option to show event time rather than ingestion time #130

JTMosaic opened this issue Dec 18, 2023 · 0 comments
Labels
reporter/community Issue reported by the community

Comments

@JTMosaic
Copy link

We had an issue where our AWS wodles were unable to connect to our S3 buckets for a few weeks. This happened after an upgrade from 4.5 to 4.7 and the AWS authentication method apparently changed.

We fixed the issue and Wazuh started reading the buckets and loading events. However, the events then show up in the dashboard with a time value of when they were ingested and not when the event occurred. Normally, when all is going well, these are within a few minutes of each other but, in this case, it can be several days apart:

image

It would be very useful to have the ability to change the time column on the events page to use a different date/time field from the events.

We've thought of trying to create a filter on data.aws.eventTime but the dashboard seems to treat it as a text value rather than a date and does not present range options such as after, before or between
@asteriscos asteriscos added the reporter/community Issue reported by the community label Jan 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
reporter/community Issue reported by the community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@asteriscos @JTMosaic