We are seeing an issue where, if 2 (or more) log messages come out with the same millisecond in their timestamp, their order in the Kibana output (if sorted by timestamp) can be unpredictable, with messages listed out of order. See pic for details.
Hi,
The actual problem here is that Elasticsearch stores a date time as a UNIX timestamp in milliseconds. What you see in Discovery in the _source is the actual stored value, not the indexed one. So even though it looks like Elasticsearch has that information from your original document, it doesn't have any information for sorting below the .399 seconds, and thus those two documents occur on the same date. You can follow the appropriate Elasticsearch ticket #10005.
A workaround could be to index the nanosecond timestamp you actually have in a separate field of type long instead of a datetime field. That way no precision will be lost, and you can sort on that field, and could use the @timestamp field for the operations where you require a date field.
Cheers,
Tim
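The workaround from the reply above, as an added example that is not part of the original thread: a pre-indexing step that keeps a millisecond `@timestamp` and adds the full-precision value as an integer for a `long` field. The field name `ts_nanos`, the input key `time` and the sample events are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# ISO-8601 UTC timestamp with up to 9 fractional digits (nanoseconds).
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?Z$")
LONG_MAX = 2**63 - 1  # upper bound of a signed 64-bit long field


def epoch_nanos(ts: str) -> int:
    """Convert an ISO-8601 UTC timestamp to integer nanoseconds since the epoch."""
    m = _TS.match(ts)
    if not m:
        raise ValueError(f"unsupported timestamp: {ts!r}")
    # datetime only resolves microseconds, so the fraction is handled as an integer.
    whole = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    frac = (m.group(2) or "").ljust(9, "0")  # right-pad to nanoseconds
    nanos = int(whole.timestamp()) * 1_000_000_000 + int(frac)
    if not 0 <= nanos <= LONG_MAX:
        raise ValueError("value does not fit a long field")
    return nanos


def enrich(event: dict) -> dict:
    """Return a copy of the event with both the date value and the long value."""
    nanos = epoch_nanos(event["time"])
    out = dict(event)
    out["@timestamp"] = nanos // 1_000_000  # epoch milliseconds, as the date field keeps it
    out["ts_nanos"] = nanos                 # hypothetical long field used for sorting
    return out


# Constructed sample events: all three fall in the same millisecond (.399).
SAMPLE = [
    {"time": "2017-03-01T10:15:30.399812345Z", "msg": "third"},
    {"time": "2017-03-01T10:15:30.399000001Z", "msg": "first"},
    {"time": "2017-03-01T10:15:30.399400000Z", "msg": "second"},
]


def ordered_messages(events, key):
    """Sort enriched events on one field and return their messages in that order."""
    return [e["msg"] for e in sorted(map(enrich, events), key=lambda e: e[key])]


if __name__ == "__main__":
    print(ordered_messages(SAMPLE, "@timestamp"))  # ties: arrival order is kept
    print(ordered_messages(SAMPLE, "ts_nanos"))    # true emission order
```

For incident timelines, sort on the long field and keep `@timestamp` for range filters and date histograms.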