Netflow from Untangle has epoch issue with timestamp (1970 date in timestamp) #25011

Open
gauthig opened this issue Apr 10, 2021 · 5 comments
Labels: bug, Team:Security-Deployment and Devices

gauthig commented Apr 10, 2021

Looks like a similar problem to the one the Fortinet filebeat module had (Timezone parsing error in pipeline of Fortinet module #19010)

Using the standard netflow filebeat module and an Untangle firewall with Netflow V9 format, the timestamp in the index looks like:
"timestamp":"1970-01-01T02:50:49.000Z"

Several fields convert correctly, several do not:

Working
event.created | Apr 10, 2021 @ 11:30:01.120
event.ingested | Apr 10, 2021 @ 11:30:02.533

Not working
netflow.exporter.timestamp | Dec 31, 1969 @ 20:26:19.000
event.start | Dec 31, 1969 @ 20:20:51.697
event.end | Dec 31, 1969 @ 20:21:16.792

ELK stack Version: 7.12.0
Ubuntu 20.04.2 LTS
Untangle 16

botelastic bot added the needs_team label Apr 10, 2021
@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

botelastic bot removed the needs_team label Apr 12, 2021
jamiehynds added the bug and needs_team labels Apr 12, 2021
botelastic bot removed the needs_team label Apr 12, 2021

botelastic bot commented Apr 12, 2021

This issue doesn't have a Team:<team> label.

marc-gr (Contributor) commented Apr 12, 2021

Hello! Do you have some example of the raw logs that are not parsed correctly?

@adriansr adriansr self-assigned this Apr 13, 2021

botelastic bot commented Nov 15, 2023

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1:.
Thank you for your contribution!

botelastic bot added the Stalled label Nov 15, 2023
norrietaylor added the Team:Security-Deployment and Devices label and removed the Team:Security-External Integrations label Jan 31, 2024
@elasticmachine
Collaborator

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

botelastic bot removed the Stalled label Jan 31, 2024