Timestamps in Elastic data #1716

regulartim · 2024-12-16T13:51:55Z

regulartim
Dec 16, 2024

Hi! :) I am currently working on GreedyBear and have a question regarding timestamps in the Elastic data. It seems to me that every honeypot interaction has an @timestamp field that is not NULL. Is this assumption correct? If so, can you tell me since which version of T-Pot this is the case?

Answered by t3chn0m4g3

Dec 17, 2024

Awesome to hear GreedyBear development continues!

T-Pot events are always time based events, so there are the fields @timestamp and timestamp which should never be NULL, but contain a UTC derived timestamp.

View full answer

t3chn0m4g3 · 2024-12-17T10:58:01Z

t3chn0m4g3
Dec 17, 2024
Maintainer

Awesome to hear GreedyBear development continues!

T-Pot events are always time based events, so there are the fields @timestamp and timestamp which should never be NULL, but contain a UTC derived timestamp.

3 replies

regulartim Dec 17, 2024
Author

And it always has been like that?

t3chn0m4g3 Dec 17, 2024
Maintainer

I sure hope so, otherwise the time series based visualizations in Kibana would not work 😅
But this is a really deep stroll into the ELK woods, so no guarantees to the all-mighty-breaking-changes 😇

regulartim Dec 17, 2024
Author

Alright, thank you! :)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Timestamps in Elastic data #1716

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment 3 replies

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Timestamps in Elastic data #1716

regulartim Dec 16, 2024

Replies: 1 comment · 3 replies

t3chn0m4g3 Dec 17, 2024 Maintainer

regulartim Dec 17, 2024 Author

t3chn0m4g3 Dec 17, 2024 Maintainer

regulartim Dec 17, 2024 Author

regulartim
Dec 16, 2024

Replies: 1 comment 3 replies

t3chn0m4g3
Dec 17, 2024
Maintainer

regulartim Dec 17, 2024
Author

t3chn0m4g3 Dec 17, 2024
Maintainer

regulartim Dec 17, 2024
Author