Hi there
I am busy moving from an on-premises Kibana 6.3 to an Elastic Cloud 7.4 instance. So far all is good, except that when I choose @timestamp when creating an index pattern, no data shows in the Discover page in Kibana. When I select no timestamp field, I can see all the data, so I know for a fact all the data is in the index (the document count also increases as I write entries to my log files being ingested, so all good).
Here is the date format in my log file and the "target" field section of my ingest file:
Log File data format: 2019-09-26 06:49:41,028
Grok Pattern:
%{DATESTAMP:python_logs.entries.logtime} %{DATA:python_logs.entries.level} WHERE: %{DATA:python_logs.entries.where}\tMESSAGE: %{GREEDYDATA:python_logs.entries.errormessage}
Ingest Pattern:
"date": {
  "field": "python_logs.entries.logtime",
  "target_field": "@timestamp",
  "formats": ["YYYY-MM-DD HH:mm:ss,SSS"]
}
Any help will be greatly appreciated.
Regards
Upon further investigation, I found this:
(I delete and let Filebeat recreate the index with every test I do to avoid other issues)
When I create an index pattern and don't specify a time field, then I can see all my data and I have this error:
error.message Text '2019-10-07 12:27:18,519' could not be parsed at index 2
When I create an index pattern and specify @timestamp as the time field, then I don't see any data.