I am trying to crudely measure latency in ELK env's. I cannot install xpack, etc. What will help me greatly is if I can config elastic search to autogenerate a timestamp field when it creates the index entry. I have done some reading and _timestamp seems chucked post 2.x. I am on 5.6. Generating this field anywhere else beside index entry creation time won't help me in this particular circumstance. It must be right at the point the entry gets created.
You can do this if you can send the data through an ingest pipeline.
Not sure i totally follow. There is something in elastic search called that?
We are using filebeat->logstash->elastic, where logstash is just using elasticsearch plugin. But as I stated, I just want the timestamp when elastic's code is actually creating an individual index entry for a document. Are you referring to that?
unless you mean this:
There is an example in this blog post of how to use an ingest pipeline to record the timestamp the document is processed by Elasticsearch and calculate the ingest delay. Something like that might work for you.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.