Adding timestamp property

Elastic Stack Elasticsearch
1

Hi,

New to elasticsearch and have a simple question had a hard time finding
online.
I wish to add a timestamp field.and later use it in kibana
This is how my settings/ mappings looks like:
{
"aql": {
"mappings": {
"item": {
"_timestamp": {
"enabled": true,
"store": true
},
"properties": {}
}
},
"settings": {
"index": {
"item": {
"_timestamp": {
"enabled": "true",
"store": "true"
}
},
"creation_date": "1423908699031",
"number_of_shards": "5",
"number_of_replicas": "1",
"version": {
"created": "1040299"
},
"uuid": "JqNaClL1Q5-ucG6NI1bvOA"
}
}
}
}

and after posting new indices would like to see a timetamp option to filter
event in kibana.

Thanks in advance.

BR,
Roy.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/8801b0d4-8b57-49b2-85ba-039613b962af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

You have the _timestamp field as you have defined, and you should be able
to search on that field in KB.

Are you not seeing this?

On 15 February 2015 at 00:30, Roy Zanbel royz@jfrog.com wrote:

Hi,

New to elasticsearch and have a simple question had a hard time finding
online.
I wish to add a timestamp field.and later use it in kibana
This is how my settings/ mappings looks like:
{
"aql": {
"mappings": {
"item": {
"_timestamp": {
"enabled": true,
"store": true
},
"properties": {}
}
},
"settings": {
"index": {
"item": {
"_timestamp": {
"enabled": "true",
"store": "true"
}
},
"creation_date": "1423908699031",
"number_of_shards": "5",
"number_of_replicas": "1",
"version": {
"created": "1040299"
},
"uuid": "JqNaClL1Q5-ucG6NI1bvOA"
}
}
}
}

and after posting new indices would like to see a timetamp option to
filter event in kibana.

Thanks in advance.

BR,
Roy.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/8801b0d4-8b57-49b2-85ba-039613b962af%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/8801b0d4-8b57-49b2-85ba-039613b962af%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X8XMT958jjYn2JZFA0m5uV7QknzH2K-9jYdUdSTq3YR%2Bw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

3

Unfortunately no ):
Any ideas how to troubleshoot this issue?
Currently I'm in testing ENV so no problem to delete the index and start
again from scratch.

https://lh5.googleusercontent.com/-_U-0eZT88UY/VOHAvMPv8wI/AAAAAAAAAPQ/tNb9Knr8t6c/s1600/Screen%2BShot%2B02-16-15%2Bat%2B12.01%2BPM.PNG

https://lh5.googleusercontent.com/-J9VC3shYJso/VOHAzhwl7_I/AAAAAAAAAPY/BhO7V5s09-g/s1600/Screen%2BShot%2B02-16-15%2Bat%2B11.56%2BAM.PNG

On Monday, February 16, 2015 at 9:40:36 AM UTC+2, Mark Walkom wrote:

You have the _timestamp field as you have defined, and you should be able
to search on that field in KB.

Are you not seeing this?

On 15 February 2015 at 00:30, Roy Zanbel <ro...@jfrog.com <javascript:>>
wrote:

Hi,

New to elasticsearch and have a simple question had a hard time finding
online.
I wish to add a timestamp field.and later use it in kibana
This is how my settings/ mappings looks like:
{
"aql": {
"mappings": {
"item": {
"_timestamp": {
"enabled": true,
"store": true
},
"properties": {}
}
},
"settings": {
"index": {
"item": {
"_timestamp": {
"enabled": "true",
"store": "true"
}
},
"creation_date": "1423908699031",
"number_of_shards": "5",
"number_of_replicas": "1",
"version": {
"created": "1040299"
},
"uuid": "JqNaClL1Q5-ucG6NI1bvOA"
}
}
}
}

and after posting new indices would like to see a timetamp option to
filter event in kibana.

Thanks in advance.

BR,
Roy.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/8801b0d4-8b57-49b2-85ba-039613b962af%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/8801b0d4-8b57-49b2-85ba-039613b962af%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/e3a14b75-461c-4b4a-abe1-2ffc01b56b5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

4

It doesn't look like _timestamp exists according to that second screenshot,
can you see the value if you do a search via the HTTP API?

On 16 February 2015 at 21:06, Roy Zanbel royz@jfrog.com wrote:

Unfortunately no ):
Any ideas how to troubleshoot this issue?
Currently I'm in testing ENV so no problem to delete the index and start
again from scratch.

https://lh5.googleusercontent.com/-_U-0eZT88UY/VOHAvMPv8wI/AAAAAAAAAPQ/tNb9Knr8t6c/s1600/Screen%2BShot%2B02-16-15%2Bat%2B12.01%2BPM.PNG

https://lh5.googleusercontent.com/-J9VC3shYJso/VOHAzhwl7_I/AAAAAAAAAPY/BhO7V5s09-g/s1600/Screen%2BShot%2B02-16-15%2Bat%2B11.56%2BAM.PNG

On Monday, February 16, 2015 at 9:40:36 AM UTC+2, Mark Walkom wrote:

You have the _timestamp field as you have defined, and you should be able
to search on that field in KB.

Are you not seeing this?

On 15 February 2015 at 00:30, Roy Zanbel ro...@jfrog.com wrote:

Hi,

New to elasticsearch and have a simple question had a hard time finding
online.
I wish to add a timestamp field.and later use it in kibana
This is how my settings/ mappings looks like:
{
"aql": {
"mappings": {
"item": {
"_timestamp": {
"enabled": true,
"store": true
},
"properties": {}
}
},
"settings": {
"index": {
"item": {
"_timestamp": {
"enabled": "true",
"store": "true"
}
},
"creation_date": "1423908699031",
"number_of_shards": "5",
"number_of_replicas": "1",
"version": {
"created": "1040299"
},
"uuid": "JqNaClL1Q5-ucG6NI1bvOA"
}
}
}
}

and after posting new indices would like to see a timetamp option to
filter event in kibana.

Thanks in advance.

BR,
Roy.

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/elasticsearch/8801b0d4-8b57-49b2-85ba-039613b962af%
40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/8801b0d4-8b57-49b2-85ba-039613b962af%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/e3a14b75-461c-4b4a-abe1-2ffc01b56b5a%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/e3a14b75-461c-4b4a-abe1-2ffc01b56b5a%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEYi1X9ka-HHn-iDATw6ynTt9SFgPxGnO%3D5q7Kv%3DxbWtK-S%2B5A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

5

Also no..
Will take an hour tomorrow to start fresh, will delete the index and start
over again.
Will keep you posted.
{
"_index": "aql",
"_type": "item",
"_id": "AUuR4GgLMJioTmulRq4u",
"_version": 1,
"found": true,
"_source": {
"path": "Desktop/Desktop/Desktop",
"depth": 4,
"size": 477,
"downloads": 0,
"created": "2014-11-04T17:26:01.435+02:00",
"repo": "archive-local",
"name": "Desktop-Desktop.pom",
"type": "file",
"updated": "2014-11-04T17:25:55.822+02:00"
}
}

Thanks for the quick response.

BR,
Roy.

On Saturday, February 14, 2015 at 3:30:28 PM UTC+2, Roy Zanbel wrote:

Hi,

New to elasticsearch and have a simple question had a hard time finding
online.
I wish to add a timestamp field.and later use it in kibana
This is how my settings/ mappings looks like:
{
"aql": {
"mappings": {
"item": {
"_timestamp": {
"enabled": true,
"store": true
},
"properties": {}
}
},
"settings": {
"index": {
"item": {
"_timestamp": {
"enabled": "true",
"store": "true"
}
},
"creation_date": "1423908699031",
"number_of_shards": "5",
"number_of_replicas": "1",
"version": {
"created": "1040299"
},
"uuid": "JqNaClL1Q5-ucG6NI1bvOA"
}
}
}
}

and after posting new indices would like to see a timetamp option to
filter event in kibana.

Thanks in advance.

BR,
Roy.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/340289ee-301f-4ac4-928a-1b547b9c4f74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

6

Kibana requires the timestamp filed to be named @timestamp so the internal
_timestamp field isn't going to work - I'm pretty sure that's still the
case for Kibana 4 as well

--

Itamar Syn-Hershko
http://code972.com | @synhershko https://twitter.com/synhershko
Freelance Developer & Consultant
Lucene.NET committer and PMC member

On Mon, Feb 16, 2015 at 6:22 PM, Roy Zanbel royz@jfrog.com wrote:

Also no..
Will take an hour tomorrow to start fresh, will delete the index and start
over again.
Will keep you posted.
{
"_index": "aql",
"_type": "item",
"_id": "AUuR4GgLMJioTmulRq4u",
"_version": 1,
"found": true,
"_source": {
"path": "Desktop/Desktop/Desktop",
"depth": 4,
"size": 477,
"downloads": 0,
"created": "2014-11-04T17:26:01.435+02:00",
"repo": "archive-local",
"name": "Desktop-Desktop.pom",
"type": "file",
"updated": "2014-11-04T17:25:55.822+02:00"
}
}

Thanks for the quick response.

BR,
Roy.

On Saturday, February 14, 2015 at 3:30:28 PM UTC+2, Roy Zanbel wrote:

Hi,

New to elasticsearch and have a simple question had a hard time finding
online.
I wish to add a timestamp field.and later use it in kibana
This is how my settings/ mappings looks like:
{
"aql": {
"mappings": {
"item": {
"_timestamp": {
"enabled": true,
"store": true
},
"properties": {}
}
},
"settings": {
"index": {
"item": {
"_timestamp": {
"enabled": "true",
"store": "true"
}
},
"creation_date": "1423908699031",
"number_of_shards": "5",
"number_of_replicas": "1",
"version": {
"created": "1040299"
},
"uuid": "JqNaClL1Q5-ucG6NI1bvOA"
}
}
}
}

and after posting new indices would like to see a timetamp option to
filter event in kibana.

Thanks in advance.

BR,
Roy.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/340289ee-301f-4ac4-928a-1b547b9c4f74%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/340289ee-301f-4ac4-928a-1b547b9c4f74%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAHTr4ZvuABk%2BWGEvi9rgQgHXPoHnWVdJYbbsj%3DH-GEMvgPSCdA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

7

So...
Still no go ):
My steps are -

  1. Created new index 'aql'
  2. added mapping on my 'item'
    now my mappings looks like this:
    {
    "aql": {
    "mappings": {
    "item": {
    "_timestamp": {
    "enabled": true,
    "store": true
    },
    "properties": {}
    }
    }
    }
    }

Tried to read on other threads, and in stackoverflow and can see a lot of
people asked the same question but no proposed result seemed to work for
me...

If any one can provide a step by step on how to be to add to every entry a
timestamp field by default I will guarantee his place in heaven!!

Thanks.

BR,
Roy.

On Saturday, February 14, 2015 at 3:30:28 PM UTC+2, Roy Zanbel wrote:

Hi,

New to elasticsearch and have a simple question had a hard time finding
online.
I wish to add a timestamp field.and later use it in kibana
This is how my settings/ mappings looks like:
{
"aql": {
"mappings": {
"item": {
"_timestamp": {
"enabled": true,
"store": true
},
"properties": {}
}
},
"settings": {
"index": {
"item": {
"_timestamp": {
"enabled": "true",
"store": "true"
}
},
"creation_date": "1423908699031",
"number_of_shards": "5",
"number_of_replicas": "1",
"version": {
"created": "1040299"
},
"uuid": "JqNaClL1Q5-ucG6NI1bvOA"
}
}
}
}

and after posting new indices would like to see a timetamp option to
filter event in kibana.

Thanks in advance.

BR,
Roy.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/d1aedcf2-8960-44ba-8e8d-768863a5a9c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.