Report time


Nemo191 Nm

Mar 5, 2024, 3:40:24 AM
to Wazuh | Mailing List
Please tell me, when creating the report, the time of the event is not generated: OpenSearch Dashboards - Discover?

Md. Nazmur Sakib

Mar 5, 2024, 4:11:20 AM
to Wazuh | Mailing List
Hi Nemo,
Good Day!
Can you explain the issue in detail so that I can understand it better? Are you referring to the CSV report of OpenSearch Dashboards - Discover?

Nemo191 Nm

Mar 5, 2024, 4:44:29 AM
to Wazuh | Mailing List
Yes, in CSV from OpenSearch Dashboards - Discover

On Tuesday, March 5, 2024 at 12:11:20 UTC+3, Md. Nazmur Sakib wrote:

Md. Nazmur Sakib

Mar 5, 2024, 5:03:28 AM
to Wazuh | Mailing List

If you generate the CSV report without any filter, you will find the source @ timestamp column inside the CSV file. The source @ timestamp field holds the value of your endpoint log time in UTC time.

If you select fields including the timestamp in Discover, it will be available in the CSV report. The timestamp will be available in UTC time.

Let me know if you need any further information regarding this.

Nemo191 Nm

Mar 5, 2024, 6:47:26 AM
to Wazuh | Mailing List
Thank you! It worked!

Can you also tell me how to edit saved queries in OpenSearch-Discover?

On Tuesday, March 5, 2024 at 13:03:28 UTC+3, Md. Nazmur Sakib wrote:

Md. Nazmur Sakib

Mar 5, 2024, 7:18:26 AM
to Wazuh | Mailing List
Open the saved search again. After opening, customize the search and click on save again. You will see the name of your opened search. Saving it will update it with the current search query.

Let me know if you need any further assistance on this.

Nemo191 Nm

Mar 5, 2024, 7:24:31 AM
to Wazuh | Mailing List
Thank you!

On Tuesday, March 5, 2024 at 15:18:26 UTC+3, Md. Nazmur Sakib wrote: