jasonish / evebox

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
https://evebox.org/
MIT License

Append hour to index name #158

Closed psuhaj closed 3 years ago

psuhaj commented 3 years ago

Hi, I want to create a new index for Suricata using EveBox every hour, so I want to append the hour to the index name. It should be like `suricata-2021.03.17.08`, not just `suricata-2021.03.17`. Is there any setting for this? I tried to change line 50 in file src/elastic/importer.rs https://github.com/jasonish/evebox/blob/31266f37a839b702a510ab0ff062014bce7be2b7/src/elastic/importer.rs#L50 from `format!("{}-{}", self.index, ts.format("%Y.%m.%d"))` to `format!("{}-{}", self.index, ts.format("%Y.%m.%d.%H"))` and compiled it, but it seems like it is not working. Thank you.
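The index-naming logic the comment above patches, written out as an added, stand-alone example (this is not EveBox's code; the importer uses chrono's `ts.format`, whereas this block converts a Unix timestamp to UTC calendar fields with std only so it runs offline). It shows what the daily and the hourly suffix look like for the same event timestamp, and that an hourly name still falls under a `suricata-*` style wildcard, so an existing index pattern keeps matching. The `Granularity` enum, `index_name` and `matches_base_pattern` names and the sample timestamp are assumptions made for the example.

```rust
// Added example, not EveBox's own code. Derives the Elasticsearch index name
// for an EVE event timestamp in the shape of the importer's
// format!("{}-{}", self.index, ts.format("%Y.%m.%d")), with an optional hour
// suffix. The UTC conversion stands in for chrono so the block needs only std.

#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Granularity {
    Daily,  // suricata-YYYY.MM.DD
    Hourly, // suricata-YYYY.MM.DD.HH
}

/// UTC calendar fields of a Unix timestamp (whole seconds).
pub struct Utc {
    pub year: i64,
    pub month: u32,
    pub day: u32,
    pub hour: u32,
}

/// Convert Unix seconds to UTC civil time (days-to-civil algorithm, proleptic
/// Gregorian calendar). Negative timestamps are handled via euclidean division.
pub fn utc_from_unix(secs: i64) -> Utc {
    let days = secs.div_euclid(86_400);
    let secs_of_day = secs.rem_euclid(86_400);
    let z = days + 719_468; // shift epoch to 0000-03-01
    let era = z.div_euclid(146_097);
    let doe = z.rem_euclid(146_097); // day of 400-year era
    let yoe = (doe - doe / 1460 + doe / 36_524 - doe / 146_096) / 365; // year of era
    let y = yoe + era * 400;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100); // day of March-based year
    let mp = (5 * doy + 2) / 153; // March-based month index 0..11
    let day = (doy - (153 * mp + 2) / 5 + 1) as u32;
    let month = (if mp < 10 { mp + 3 } else { mp - 9 }) as u32;
    let year = if month <= 2 { y + 1 } else { y };
    Utc { year, month, day, hour: (secs_of_day / 3600) as u32 }
}

/// Build "<base>-YYYY.MM.DD" or "<base>-YYYY.MM.DD.HH" for an event at `secs`.
pub fn index_name(base: &str, secs: i64, gran: Granularity) -> String {
    let t = utc_from_unix(secs);
    match gran {
        Granularity::Daily => format!("{}-{:04}.{:02}.{:02}", base, t.year, t.month, t.day),
        Granularity::Hourly => format!(
            "{}-{:04}.{:02}.{:02}.{:02}",
            base, t.year, t.month, t.day, t.hour
        ),
    }
}

/// True when `name` is covered by the wildcard "<base>-*"; hourly names still
/// match, so a pattern configured for daily indices keeps finding them.
pub fn matches_base_pattern(base: &str, name: &str) -> bool {
    name.starts_with(&format!("{}-", base))
}

fn main() {
    // Constructed sample: 2021-03-17T08:15:00Z as Unix seconds.
    let ts = 1_615_968_900;
    println!("{}", index_name("suricata", ts, Granularity::Daily));
    println!("{}", index_name("suricata", ts, Granularity::Hourly));
    println!(
        "hourly name matches suricata-*: {}",
        matches_base_pattern("suricata", &index_name("suricata", ts, Granularity::Hourly))
    );
}
```

Hour granularity multiplies the number of indices (and shards) by 24, so pair it with a retention or ILM policy sized for that count; the wildcard check above is the only compatibility point the naming change itself introduces.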

psuhaj commented 3 years ago

Ok, I tried it on a fresh install of Elastic and it seems to be working. Sorry for the spam.