Imported Data in to Elastic Search with Epoch Nano Not Showing anything in Kibana

Matthew_Bullock · April 24, 2017, 7:59am

I have imported data in to Elastic Search via the bulk API. I have kept my date fields as EPOCH NANO within the data but have selected EPOCH MILLI as the date format. My understanding is JAVA TIME will just drop the last digits and convert it to EPOCH MILLI.

I imported by the bulk API and can see successes in the data

{"index":{"_index":"els","_type":"logs","_id":"3541c65dffdc4408","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"created":true,"status":201}},{"index":{"_index":"els","_type":"logs","_id":"3541c65dffe04408","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"created":true,"status":201}},{"index":{"_index":"els","_type":"logs","_id":"3541c66688954408","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"created":true,"status":201}},{"index":{"_index":"els","_type":"logs","_id":"3541c67089434408","_version":1,"result":"created","_shards":{"total":2,"successful":1,"failed":0},"created":true,"status":201}

I see data within the correct index (docs.count shows data)

I can curl Elasticsearch for the data and it returns successfully

curl -XGET "http://localhost:9200/els/logs/3541c67089434408"

{
  "_index": "els",
  "_type": "logs",
  "_id": "3541c67089434408",
  "_version": 1,
  "found": true,
  "_source": {
    "cacheRequest": {
      "headers": null,
      "keepaliveStatus": "noKeepalives"....................

However when I load up Kibana there is no data / no results found. Do I have to update my Kibana Mapping? Or does Kibana not support the Java Time?

warkolm · April 24, 2017, 8:33am

Did you select the right field as the time one when setting up your index patterns?

Matthew_Bullock · April 24, 2017, 9:29am

so my index mapping is (well top part):

{
  "settings": {
    "index.mapping.ignore_malformed": true
  },
  "mappings": {
    "logs": {
      "properties": {
        "timestamp": {
          "type":   "date",
          "format": "epoch_millis"
        },
        "geoip.location": {
          "type": "geo_point"
      }
        }
      }
    }
  }'

I have also told Kibana to look @ timestamp This worked fine when I 'sed' EPOCH Nano to Milli in my script then bulk imported but was testing new Java Time function to remove this stage

spalger · April 24, 2017, 10:57pm

elasticsearch does not support nanoseconds, you'll need to send the timestamps as milliseconds if you're going to use the epoch_millis date format

spalger · April 24, 2017, 10:57pm

See https://github.com/elastic/elasticsearch/issues/10005

system · May 22, 2017, 11:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ElasticSearch--Not able to convert date to nanomillis using index template Elasticsearch	0	15	August 1, 2024
How to show data in discover based on EPOCH time Kibana	7	4372	July 6, 2017
ES2.1 date field ,about store Elasticsearch	8	863	December 13, 2016
Date format error with "epoch_millis\|\|epoch_second" Elasticsearch	2	10606	October 18, 2017
Compare through epoch_millis Elasticsearch	1	492	June 27, 2017

Imported Data in to Elastic Search with Epoch Nano Not Showing anything in Kibana

Related topics