elasticsearchkibanaelasticsearch-7
ElasticSearch / Kibana timestamp - field or _source?
My single raw document in ES/Kibana looks like this:
{
"_index": "fluentd.apache.access.20191202",
"_type": "_doc",
"_id": "8jql724B3OrCHx56JnWb",
"_score": 1,
"_source": {
"serveraddress": "....",
"clientaddress": "...",
"@timestamp": "2019-12-02T11:00:30+0000",
"method": "GET",
"url": "....",
"status": 200,
"bytes": 19820,
"referrer": "....",
"agent": "...",
"@log_name": "apache.access"
},
"fields": {
"@timestamp": [
"2019-12-02T11:00:30.000Z"
]
}
}
Why do the @timestamps differ regarding their format?
2019-12-02T11:00:30+0000 (UTC timezone, no milliseconds)
2019-12-02T11:00:30.000Z (milliseconds + "Z" for UTC timezone)
What does my index mapping have to look like to have the time quickfilter available in Discover?
Currently it looks like this and it doesn't show me the timespan quickfilter:
...,
"@timestamp": {
"type": "date",
"format": "yyyy-MM-dd'T'HH:mm:ssZ"
},
...
Index pattern:
Solution
You need to recreate the index pattern and make sure to select the @timestamp field as THE time field for that index pattern.
That's the field Kibana uses for selecting documents based on the time selected int he time picker.
- How can I check nulls in Logstash pipeline in filter plugin?
- How to input a JSON file (array form) in Logstash?
- OpenTelemetry Export to Elastic Search without Elastic APM
- Can't connect to Elasticsearch with Node.Js on Kubernetes (self signed certificate in certificate chain)
- trying to pass params to elasticsearch getting null_pointer_exception
- 'Compressor detection can only be called on some xcontent bytes or compressed xcontent bytes" error when indexing a list of dictionaries
- Regexp filter in Opensearch (or Elasticsearch)
- Shards and replicas in Elasticsearch
- Search document with empty array field, on ElasticSearch
- how to rename an index in a cluster?
- Merge two indices value by a common field in elasticsearch
- How to log using serilog to elasticsearch with Elastic.Serilog.Sinks in .net application
- Transform custom Docker logs into fluentd into elastic search
- How to connect securely to Elasticsearch with existing certificates?
- How to handle pagination when the source data changes frequently
- Configuring Elasticsearch and Kibana to work with each other without requiring enrollment token
- Kibana UI isn't load in browser
- Elastic search : multiple criterias on text search
- Elasticsearch: Job for elasticsearch.service failed
- Filebeat how to not generate dashboards automatically
- Efficient way to retrieve all _ids in ElasticSearch
- What are the major difference between ElasticSearch and OpenSearch?
- elasticsearch-java:8.15.0 hotThreads method throws TransportException
- How to perform indices query in ElasticSearch?
- Parsing Filebeat logs to send to Elasticsearch
- Search for multiple exact HTTP paths and methods
- Elastic Search / Hibernate Search : how to code xor operator with query DSL API in java?
- Elastic update by Query - How to update a field with digits as a string
- AWS ElasticSearchService index_create_block_exception
- Tokenize input text using shingles and compare them with document keywords