Hi All,
I have some 30 logs files (each file of individual day) of June month. I am collecting data through filebeat and then passing it to logstash. There is one index got created (yesterday, 4th July) which has indexed all these data.
The first timestamp on 1st June log file is 2021-06-01T00:02:24,330 and last timestamp on 30th June file is 2021-06-30T23:57:03,843.
I am creating some dashboard by selecting time range as 3 months. In that the curl, has timestamp as "gte": "2021-07-05T15:54:13.488Z" and "lte": "2021-07-05T15:54:13.488Z, if I changed this timestamp to above 1st June and 30th June (because my data starts from 1st June till 30th June so to match the exact time of 1 month) , its not working and i am not sure why?
Similarly, in Discover, if i changed the time to last 24 hrs or this week, i am getting correct total hits (means it is showing correct output) but if change time to absolute 1st June 2021 00:00 to 30th June 2021 23:30, its not showing any result.
Why its showing correct results if i give timestamp range of index creation time and why its not showing any results if i give actual message logs timestamp range.
It showed show results based on actual log messages timestamp?
Thanks,
