Daniel W.
Reputation: 32300
ElasticSearch / Kibana timestamp - field or _source?
My single raw document in ES/Kibana looks like this:
{
"_index": "fluentd.apache.access.20191202",
"_type": "_doc",
"_id": "8jql724B3OrCHx56JnWb",
"_score": 1,
"_source": {
"serveraddress": "....",
"clientaddress": "...",
"@timestamp": "2019-12-02T11:00:30+0000",
"method": "GET",
"url": "....",
"status": 200,
"bytes": 19820,
"referrer": "....",
"agent": "...",
"@log_name": "apache.access"
},
"fields": {
"@timestamp": [
"2019-12-02T11:00:30.000Z"
]
}
}
Why do the @timestamps differ regarding their format?
2019-12-02T11:00:30+0000 (UTC timezone, no milliseconds)
2019-12-02T11:00:30.000Z (milliseconds + "Z" for UTC timezone)
What does my index mapping have to look like to have the time quickfilter available in Discover?
Currently it looks like this and it doesn't show me the timespan quickfilter:
...,
"@timestamp": {
"type": "date",
"format": "yyyy-MM-dd'T'HH:mm:ssZ"
},
...
Index pattern:
Upvotes: 0
Views: 2619
Answers (1)
Val
Reputation: 217314
You need to recreate the index pattern and make sure to select the @timestamp field as THE time field for that index pattern.
That's the field Kibana uses for selecting documents based on the time selected int he time picker.
Upvotes: 1
Related Questions
- Query by timestamp in ElasticSearch
- Elasticsearch indexing timestamp-field fails
- Recognising timestamps in Kibana and ElasticSearch
- Can we use a Unix Timestamp as _timestamp field in elasticsearch
- Elasticsearch _timestamp
- Timestamp not appearing in Kibana
- Returning the timestamp field in elasticsearch
- How to make elastic4s store _timestamp field?
- Enabling default timestamp in elasticsearch
- Difference between @timestamp and timestamp field in elasticsearch