My documents stored in ElasticSearch have a "timestamp" field that is stored as a millis (https://currentmillis.com/) number. I would like to view time-series data in Kibana, but Timelion doesn't work properly, presumably because my @timestamp field is in a format it cannot read.
Is there any way I can configure Kibana to use my @timestamp field as millis, or do I need to convert the data to a certain format before sending it to ElasticSearch?
Hi Anna,
When you created the index pattern, what did you select as your time field?
Did you explicitly use some ETL to assign the timestamp to the @timestamp field? Because, by default, Elasticsearch will use the document indexing time as the @timestamp for that doc.
Also, have a look at configuring the date datatype for the index pattern using mappings:
https://www.elastic.co/guide/en/elasticsearch/reference/current/date.html
Thanks for the reply!
I didn't choose a time field when creating the index in ElasticSearch or Kibana.
I don't want Kibana to use the document indexing time as the timestamp, how can I configure Kibana to select the "timestamp" field from my documents as the @timestamp?
Edit: I went to try and create a new index pattern in Kibana, but when I was prompted to choose a time filter, there were no time fields found in the index.
I realize upon reading documentation that I should have set the 'timestamp' field to '@timestamp'.
However, my index has been being populated for a few weeks now, is there a way that I can configure Kibana to interpret my 'timestamp' field as the Time Filter? Or if I configure the date datatype for the index pattern using mappings as you linked above, will this work backwards on documents that have already been indexed?
It will not work for documents that are already indexed, and if you change your mapping now, you will get a mapping conflict for your index.
You can reindex your index using the reindex api. This should resolve your issue.
Also, you do not need to rename your timestamp field. It is ok to have a field with a different name, if it is detected as a date field, the field will be visible in Kibana.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
