Hi.
I use Kibana 7.16.1.
I'm trying to analyze a log that comes from a CSV file (Windows Filebeat --> Logstash --> Elastic).
The log contains the date and time of each event.
During processing in Logstash, I add this data to the @timestamp field so that the log entries are linked to the time they were created on the main host, and not to the time they were received in Logstash.
I use the following code in the Logstash filter:
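    # Join the CSV date and time columns into one string field
    mutate {
      add_field => {
        "1c00_timestamp" => "%{1c01_date} %{1c02_time}"
      }
    }
    # Parse the joined string and write the result to @timestamp
    date {
      match => ["1c00_timestamp", "YYYYMMdd HH:mm:ss"]
      target => "@timestamp"
    }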
As a result, when I see the data in Kibana Discovery, it is not sorted by time automatically.
But this is not the worst thing (I can use manual sorting in Discovery, I know).
In most of my attempts to visualize this data, I can't get it to be selected by the time specified in the Time Picker field.
For example, I create a TOP 5 graph for one of the fields, and I see data on the graph for the entire time, across the entire database, no matter what time interval I set in the Time Picker field.
The only case where the data on the charts corresponds to the selected time is when I create a Count @timestamps graph; then I see the number of records for the selected time period. If I select "TODAY", I see only today's entries, etc.
Help me understand what I'm doing wrong.
I would like to get a graph of the TOP 5 records for a specific field from the log and, by choosing a time interval in the Time Picker field, analyze this data for the chosen time period only, not for the whole database.
Is it possible?
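
Added example, not part of the original post: three Kibana Dev Tools requests that check the setup described above independently of any visualization (the `@timestamp` mapping, events the `date` filter failed to parse, and a top-5 aggregation limited to a time range). The index pattern `csv-logs-*` and the field `some_field.keyword` are placeholders, not names from the post.

```console
# Placeholders (assumptions, not from the post):
#   index pattern "csv-logs-*", aggregated field "some_field.keyword"

# 1. Confirm @timestamp is mapped as type "date" in every matching index.
GET csv-logs-*/_mapping/field/@timestamp

# 2. Count events where the date filter could not parse "1c00_timestamp".
#    Logstash tags such events with _dateparsefailure and leaves
#    @timestamp unchanged, so they do not carry the time from the CSV.
GET csv-logs-*/_count
{
  "query": { "match": { "tags": "_dateparsefailure" } }
}

# 3. Top 5 values of one field, restricted to events from today.
#    "size": 0 suppresses the hits and returns only the aggregation.
GET csv-logs-*/_search
{
  "size": 0,
  "query": {
    "range": { "@timestamp": { "gte": "now/d", "lt": "now+1d/d" } }
  },
  "aggs": {
    "top5": {
      "terms": { "field": "some_field.keyword", "size": 5 }
    }
  }
}
```

If the buckets returned by request 3 change when the range is changed, the indexed documents can be filtered by `@timestamp`, and the remaining place to look is how the visualization and its index pattern are configured.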