Hi !
Since this morning I have a strange bug in my ELK stack. I have some delay between when Kibana shows a log and the real hour.
This screen shows that some docs arrive at 14:44 whereas it's already 14:47 (IRL).
Also I found an index named logstash-1970.01.01. what is it ? It has some docs inside.
Thanks
Sounds like the time is off either on your logstash node or the nodes where the data is originating. The 1970 index would correspond to a unix timestamp of 0 so maybe there's no valid time in the logs at all. Regardless you should be looking upstream from ES/Kibana for the issue.
Kimbro
I found the mistake, some of my logs had, inside them, a timestamp set to 0.0. It matches nothing so logstash sent them to this index.
I remove the date filter and everything came back to normal. It's weird that I had no problems with the date filter before and suddenly, everything stopped working correctly
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
