From 70c8d98d993df890deca78d71b42740ffbc37193 Mon Sep 17 00:00:00 2001
From: shizhendong <shizhendong@zdjizhi.com>
Date: Thu, 5 Sep 2024 15:56:00 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20OMPUB-1449=20opensearch-dashboard=20?=
 =?UTF-8?q?=E5=B1=95=E7=A4=BA=20ts=20=E5=AD=97=E6=AE=B5=E8=BD=AC=E5=8C=96?=
 =?UTF-8?q?=E4=B8=BA=E5=8F=AF=E8=A7=86=E5=8C=96=E7=9A=84=E6=97=B6=E9=97=B4?=
 =?UTF-8?q?=E6=A0=BC=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

1. 1725518539.484784 -> 2024-09-05 06:42:19.484
---
 .../module/runner/util/PcapParserThread.java  | 38 ++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/src/main/java/net/geedge/asw/module/runner/util/PcapParserThread.java b/src/main/java/net/geedge/asw/module/runner/util/PcapParserThread.java
index 8ac890a..4f04b95 100644
--- a/src/main/java/net/geedge/asw/module/runner/util/PcapParserThread.java
+++ b/src/main/java/net/geedge/asw/module/runner/util/PcapParserThread.java
@@ -28,6 +28,10 @@ import org.opensearch.client.opensearch.indices.IndexSettings;
 
 import java.io.File;
 import java.io.IOException;
+import java.time.Instant;
+import java.time.ZoneId;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
 import java.util.*;
 import java.util.stream.Collectors;
 
@@ -341,16 +345,23 @@ public class PcapParserThread implements Runnable {
                                                     .properties("version", Property.of(p2 -> p2.keyword(k -> k))))
                                     )
                             )
-                            .properties("ts", Property.of(p -> p.float_(f -> f)))
+                            .properties("ts", Property.of(p -> p.keyword(f -> f)))
                             .properties("tunnel_parents", Property.of(p -> p.text(t -> t)))
                             .properties("uid", Property.of(p -> p.keyword(k -> k)))
                     );
             openSearchClient.indices().create(createIndexRequestBuilder.build());
 
             // upload data in bulk
+            DateTimeFormatter timeFormatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS");
+
             BulkRequest.Builder br = new BulkRequest.Builder();
             for (int i = 0; i < jsonArray.size(); i++) {
                 JSONObject jsonObject = (JSONObject) jsonArray.get(i);
+
+                // 时间戳格式转换
+                String ts = jsonObject.getString("ts");
+                jsonObject.put("ts", this.convertTsToFormatDate(timeFormatter, ts));
+
                 String id = String.valueOf(i);
                 br.operations(op -> op.index(
                         idx -> idx.index(indexName)
@@ -374,6 +385,31 @@ public class PcapParserThread implements Runnable {
         }
     }
 
+    /**
+     * ts 时间戳格式转换
+     * 1725518539.484784 -> 2024-09-05 06:42:19.484
+     */
+    private String convertTsToFormatDate(DateTimeFormatter formatter, String ts) {
+        try {
+            String[] parts = ts.split("\\.");
+            long seconds = Long.parseLong(parts[0]);
+
+            // 将小数部分转换为纳秒
+            int nanos = 0;
+            if (parts.length > 1) {
+                String fractionalPart = parts[1];
+                nanos = (int) (Double.parseDouble("0." + fractionalPart) * 1_000_000_000);
+            }
+
+            Instant instant = Instant.ofEpochSecond(seconds, nanos);
+            ZonedDateTime zonedDateTime = instant.atZone(ZoneId.systemDefault());
+            return zonedDateTime.format(formatter);
+        } catch (Exception e) {
+            log.error(e, "[convertTsToFormatDate] [error] [ts: {}]", ts);
+        }
+        return ts;
+    }
+
     /**
      * update pcap status
      *