In-correct document index order

vikasgb · June 15, 2018, 1:38am

Elasticsearch 5.4.1 Filebeat with Ingest nodes are used for grok.

Problem noticed:

In Kibana console, if we search for last 15 minutes, the query returns data which is anywhere from 5min to 5 days old. However, the @timestamp filed is for last 15 minutes only.
So it appears that the documents are indexed correctly like 5 day old line is indexed as 5 min old and there is no ordering of the document.

Is there any know issue with such ordering?

warkolm · June 15, 2018, 4:19am

Are you using a date processor to update the @timestamp to the correct one in the event?

system · July 13, 2018, 4:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problem with @timestamp time in indexes Beats filebeat	22	3028	April 7, 2020
Documents order in Elasticsearch after processing with filebeat/logstash Logstash	5	1838	September 19, 2017
Logviewing - filebeat - Timestamp Beats filebeat	3	284	April 22, 2021
How to make ElasticSearch return results in sorted time order Elasticsearch	2	2119	March 30, 2018
How to keep my entries ordered as in my file Logstash	1	245	June 21, 2018

In-correct document index order

Related topics