Kibana - The indices which match this index pattern don't contain any time fields

2.3k Views

This is my definition:

@Store(type="elasticsearch", hostname="localhost", username="elastic", password="changeme", port='9200', index.name = 'frauds', index.type='_doc') 
define table FraudIndex (timestamp long, creditCardNo string, suspiciousTrader string, amount double, currency string);

This is my query:

@info(name='SuspiciousTradeES')
from TradeStream as t join FraudTable as f
    on t.creditCardNo == f.creditCardNo
select eventTimestamp() as timestamp, t.creditCardNo, t.trader as suspiciousTrader, t.amount as amount, t.currency as currency
insert into FraudIndex;

Unfortunately Kibana cannot identify any time fields, since it's a 'number'.

How am I supposed to end up with possible timestamps?

EDIT: May I also add a question how I could use maps and geo_point type from WSO2SI?

2

There are 2 best solutions below

0
BEST ANSWER

Prepared my mappings manually and it worked.

{
    "properties": {
        "timestamp": {
            "type": "date",
            "format": "yyyy-MM-dd HH:mm:ss"
        },
        "creditCardNo": {
            "type": "keyword"
        },
        "suspiciousTrader": {
            "type": "keyword"
        },
        "coordinates": {
            "type": "geo_point"
        },
        "amount": {
            "type": "double"
        },
        "currency": {
            "type": "keyword"
        }
    }
}
1

I am having the same problem at step 2 when attempting to create an index pattern.

My Logstash template looks like this:

input {
  beats {
    port => 5044
    host => "0.0.0.0"
  }
}

filter {

  json {
    source => "message"
  }

  mutate {
    convert => {
      "startTime" => "string"
    }
  }

  date {
    match => [ "startTime" , "yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'" ]
    timezone => "UTC"
    target => "@timestamp"
  }

  mutate {
    remove_field => [ "startTime", "@version", "tags", "message", "ecs", "agent", "input", "host" ]
  }
}

output {
  elasticsearch {
    hosts => "${es_host}"
    user => "${es_user}"
    password => "${es_pwd}"
    index => "xxx-development-%{+YYYY.MM.dd}"
    ilm_enabled => true
    ilm_rollover_alias => "xxx-development"
    ilm_policy => "xxx-development"
  }
}

An example log message that is collected by Filebeat is something like this:

{"startTime":"2021-12-02T05:56:04.696Z","level":"FATAL","serviceName":"ABC","pid":3674,"logId":"App Unhandled Rejection","data":"blah" ,"ServicePid":3674}}}

My index template has:

"properties": {
        "@timestamp": {
          "type": "date"
        },

I do not know what else I can check to get this to work.
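The following is an added example, not code from the question or from either answer, that ties the two posts together offline. It assumes that Kibana only offers fields mapped as `date` or `date_nanos` as a time field, and that Siddhi's `eventTimestamp()` yields epoch milliseconds. It checks which fields each of the three mappings on this page (a constructed dynamic mapping of the Siddhi table, the accepted answer's explicit mapping, and the second poster's template fragment) would expose as a time field, renders a Siddhi long timestamp in the `yyyy-MM-dd HH:mm:ss` format the accepted answer's mapping declares, and parses the second poster's `startTime` with the same pattern their Logstash date filter uses. The sample log line is a constructed, well-formed copy of the one in the second post.

```python
import json
from datetime import datetime, timedelta, timezone

# Assumption (see lead-in): Kibana treats only these mapped types as time fields.
TIME_TYPES = {"date", "date_nanos"}

# Constructed: what dynamic mapping makes of the Siddhi table in the question.
# eventTimestamp() is a long, so Elasticsearch maps it as "long", not "date".
DYNAMIC_MAPPING = {
    "properties": {
        "timestamp": {"type": "long"},
        "creditCardNo": {"type": "text"},
        "suspiciousTrader": {"type": "text"},
        "amount": {"type": "float"},
        "currency": {"type": "text"},
    }
}

# The explicit mapping from the accepted answer.
EXPLICIT_MAPPING = {
    "properties": {
        "timestamp": {"type": "date", "format": "yyyy-MM-dd HH:mm:ss"},
        "creditCardNo": {"type": "keyword"},
        "suspiciousTrader": {"type": "keyword"},
        "coordinates": {"type": "geo_point"},
        "amount": {"type": "double"},
        "currency": {"type": "keyword"},
    }
}

# The fragment of the second poster's index template.
LOGSTASH_TEMPLATE = {"properties": {"@timestamp": {"type": "date"}}}


def time_fields(mapping, prefix=""):
    """Dotted names of every field mapped as a time type, recursing into
    object sub-properties. An empty result is exactly the situation behind
    the error message in the title."""
    found = []
    for name, spec in mapping.get("properties", {}).items():
        full = prefix + name
        if spec.get("type") in TIME_TYPES:
            found.append(full)
        if "properties" in spec:  # object / nested field: descend
            found.extend(time_fields(spec, full + "."))
    return found


def epoch_millis_to_mapping_format(ts_millis):
    """Render a Siddhi eventTimestamp() value (epoch milliseconds) in the
    'yyyy-MM-dd HH:mm:ss' format the accepted answer's mapping declares.
    That format carries no zone, so the string is rendered in UTC."""
    dt = datetime.fromtimestamp(ts_millis / 1000, tz=timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S")


# The second poster's Logstash date pattern and its strptime equivalent.
LOGSTASH_DATE_PATTERN = "yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'"
STRPTIME_EQUIVALENT = "%Y-%m-%dT%H:%M:%S.%fZ"

# Constructed, well-formed copy of the Filebeat log line from the second post
# (the pasted original ends in extra closing braces, which json.loads rejects,
# as Logstash's json filter would by tagging the event _jsonparsefailure).
SAMPLE_LOG = ('{"startTime":"2021-12-02T05:56:04.696Z","level":"FATAL",'
              '"serviceName":"ABC","pid":3674,"logId":"App Unhandled Rejection",'
              '"data":"blah","ServicePid":3674}')

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def start_time_to_epoch_millis(line):
    """Parse the JSON line, read startTime with the same pattern the Logstash
    date filter uses, and return epoch milliseconds (what @timestamp stores)."""
    event = json.loads(line)
    dt = datetime.strptime(event["startTime"], STRPTIME_EQUIVALENT)
    dt = dt.replace(tzinfo=timezone.utc)  # the pattern's literal 'Z' means UTC
    return (dt - EPOCH) // timedelta(milliseconds=1)


if __name__ == "__main__":
    for label, m in [("dynamic", DYNAMIC_MAPPING), ("explicit", EXPLICIT_MAPPING),
                     ("logstash", LOGSTASH_TEMPLATE)]:
        print(f"{label:9s} time fields: {time_fields(m) or 'none'}")
    ms = start_time_to_epoch_millis(SAMPLE_LOG)
    print("log line epoch ms:", ms, "->", epoch_millis_to_mapping_format(ms))
```

Two points worth checking against your own setup: the mapping has to exist before the first document arrives, otherwise dynamic mapping fixes `timestamp` as a number and the index pattern shows no time field; and if you would rather keep Siddhi's long as it is, an explicit `date` field with `"format": "epoch_millis"` (or the type's default `strict_date_optional_time||epoch_millis`) also gives Kibana a time field without the string conversion shown above.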