Reputation: 60213
I want to see what Liferay puts in Elasticsearch, so I installed Kibana, thinking it would let me see all data.
Kibana asked me for an index pattern. Pointing my browser at http://localhost:9200/_cat/indices/ showed the following:
yellow open .kibana 1 1 1 0 3kb 3kb
yellow open liferay-0 5 1 116 18 496.3kb 496.3kb
yellow open liferay-20116 5 1 3 0 23.2kb 23.2kb
... so I deduced that I should enter "liferay" as a prefix.
But the next question is trickier: Kibana asks me for a "Time-field name" and offers me options like "publishDate" or "createDate".
How can I find out what time-field name Kibana expects from me for Liferay?
Note: I must use the out-of-support Elasticsearch 2.2.2, so I installed Kibana 4.4.0.
I just tried the first choice, and I see things like Invalid date, October 24th 2017, 16:22:00.000.
Upvotes: 1
Views: 225
Reputation: 1307
Clear the "Index contains time-based events" checkbox. That should keep you going.
Upvotes: 1
Reputation: 938
You need to set the Time-field name that corresponds to the exact log event creation timestamp (i.e. when exactly your log entry is created).
So for example the following log has a timestamp and other fields with date type:
25-Oct-2017 22:23 - INFO - profile updated - updated date: 2017-10-25 22:20 - password expiration date: 2018-10-25 00:00
25-Oct-2017 22:23 will be the target field on which the Kibana index pattern creation will be based.
PS: Of course, you need a Logstash filter to split the log message into fields (you can use the grok and date filters).
Upvotes: 0
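The grok and date filters mentioned in the last answer, applied to its sample log line. This is an added example, not part of any answer above; the field names `log_time`, `level`, `action`, `updated_date` and `password_expiration_date` are assumptions chosen for illustration.

```logstash
filter {
  # Split the raw line into named fields. Sample line from the answer:
  # 25-Oct-2017 22:23 - INFO - profile updated - updated date: 2017-10-25 22:20 - password expiration date: 2018-10-25 00:00
  grok {
    match => {
      "message" => "(?<log_time>%{MONTHDAY}-%{MONTH}-%{YEAR} %{HOUR}:%{MINUTE}) - %{LOGLEVEL:level} - %{DATA:action} - updated date: (?<updated_date>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE}) - password expiration date: (?<password_expiration_date>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{HOUR}:%{MINUTE})"
    }
  }

  # Only the leading timestamp says when the log entry was created,
  # so it is the one parsed into the event time (@timestamp).
  # The other two dates stay ordinary fields describing the profile.
  date {
    match  => ["log_time", "dd-MMM-yyyy HH:mm"]
    target => "@timestamp"
  }
}
```

With this filter in place, `@timestamp` is the field to select as the Time-field name when creating the Kibana index pattern.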