Kibana doesn't see any of my data

Question

I'm trying to get Kibana working with ElasticSearch and a custom data source.

The data is imported by a service running on the same machine as the ES instance. I'm absolutely sure that the data is in the ES instance (ES-HQ shows that there are ~110,000 documents in the index I'm trying to search)

I've gone into Kibana, selected the 'datetime' field (See below mapping) for the index timestamp, set it as default, and put the * character into the main search, with the time range set to "Last 20 years" (None of my data exists before 2008)

My mapping is as such:

{
    "basetype":{
        "properties":{
            "datetime":{
                "type":"date",
                "format": "epoch_millis"
            },
            "id":{
                "type":"integer"
            },
            "value":{
                "type":"long"
            }
        }
    }
}

This was PUT to /testindex/basetype/_mapping

and an example document is

{
    "datetime":1211241600,
    "id":1920017,
    "value":7250
}

my hunch is that it has something to do with the timestamp field's formatting, but I'm not positive. Or, is it the "id" field (maybe a reserved name in ES?)

Answer 1

You've got it all right, except one single tiny thing. In your mapping you specify the date format as being epoch_millis but in your document the datetime is specified in epoch_second.

So you have two choices:

1. Either you keep the mapping as it is and multiply all your date times by a factor of 1000
2. Or you change your mapping with "format": "epoch_second" and keep your data as it is.

In any case, you need to reload your index pattern in Kibana afterwards and it will work. Note that I tested this on Kibana 4.2.