Reputation: 42863
What does @ mean in elastic search documents?
My question is: "What does the @ mean in elastic search documents?" @timestamp automatically gets created along with @version. Why is this and what's the point?
Here is some context... I have a web app that writes logs to files. Then I have logstash forward these logs to elastic search. Finally, I use Kibana to visualize everything.
Here is an example of one of the documents in elastic search:
{
"_index": "logstash-2018.02.17",
"_type": "doc",
"_id": "0PknomEBajxXe2bTzwxm",
"_version": 1,
"_score": null,
"_source": {
"@timestamp": "2018-02-17T05:06:13.362Z",
"source": "source",
"@version": "1",
"message": "message",
"env": "development",
"host": "127.0.0.1"
},
"fields": {
"@timestamp": [
"2018-02-17T05:06:13.362Z"
]
},
"sort": [
1518843973362
]
}
Upvotes: 4
Views: 1358
Answers (2)
Reputation: 2958
@ fields are usually ones generated by Logstash as metadata ones, @timestamp being the value that the event was processed by Logstash. Similarly @version is also being added by Logstash to denote the version number of the document.
Here is the reference.
Upvotes: 2
Reputation: 3684
The @ field is the metadata created for Logstash. It is part of the data itself.
More info is here.
Upvotes: 1
Related Questions
- What are aliases in elasticsearch for?
- what does _doc represents in elasticsearch?
- elasticsearch usage of terms
- Elasticsearch : Meaning of "@" symbol
- Elastic Search Query with @ (at sign) bring the same as without
- Elastic Search, field name starting with at sign
- what is the @param in elasticsearch bulk load
- Escaping @ at symbol in Ruby Elastic Search gem?
- Kibana discover: search for special character: '@'
- ElasticSearch fields prefixed with "@"