
event.duration incorrectly reported

Open ipninichuck opened this issue 4 years ago • 4 comments

Running RockNSM 2.4.2 Modified Logstash output to send data to Elastic Cloud ECS pipeline

While running initial tests using the ECS pipeline, I found event.duration reporting time scales that made no sense and did not match results obtained with the non-ECS pipeline. The same version of RockNSM was being used in both instances. The old fields show proper decimal values showing expected durations for connections and DNS requests, while the ECS-acquired values are being given in hours, days and years. No changes to the filters have been made in Logstash. Before attempting to fix the problem, I am wondering if this is a general issue or something only I am encountering. I have provided screenshots comparing the duration fields obtained from both pipelines, the original first, followed by the ECS. I encountered the issue while monitoring data of web activity on my laptop to verify that my pipeline was functioning properly.

Screenshot (63) Screenshot (62)

ipninichuck, Dec 04 '19 17:12