Previously, the LogInfoEvent.TimeStamp from my application used to be the UTC time the log message was received. Recently, I parameterized it to allow my application to insert logs of operations that occurred in the past, like a week ago.
I tested this feature on dev environment without any issues. A few weeks later though, Kibana started to give me the following error message "Discover: Gateway Timeout", saying that my Elastic Seach is unavailable.
Is modifying the LogInfoEvent.TimeStamp a bad practice, considering that I have the option "Index contains time-based events " checked on Kibana?
A time field in elasticsearch comes in as a string and is parsed to timestamp based upon a pattern. If you modified the timestamp in such a way that the expected pattern is incorrect, the document could be rejected (default behavior). A timestamp is just a field within an index, order or values (beyond what I just mentioned) do not matter. You’ll want to check the health of the cluster and the elasticsearch logs to get a better idea of what is happening, as the problem you encountered could be many different issues.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.