Kibana cannot read timestamp from ES

(Anh) #1

Hi All,

I have an IIS log index with the following timestamp

GET iis_log-2016.7/_search

"_source": {
          "timestamp": "2016-02-18T00:20:49.3895597Z",

GET iis_log-2016.7/_mapping/field/timestamp

      "mapping": {
        "timestamp": {
          "type": "date",
          "format": "epoch_millis||dateOptionalTime"

When I tried adding this index to Kibana 4.2, Kibana could not recognize any time-field name. After upgrading to ES 2.2.0 and Kibana 4.4.0, Kibana is now able to see the timestamp field as a time-field name and successfully adds the index pattern. However, in the Discover app, no matter how big the time frame is, Kibana does not show any logs. The IIS log index contains data from a week ago, and I can see data by executing /_search on the index.

My guess is that the millisecond/microsecond part .3895597Z has 7 digits instead of 3 or 6, which prevents Kibana from reading the timestamp even though the field is formatted in ES.

I'm looking into fixing from the log source, but any help on fixing it on either ES or Kibana is appreciated.
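
For the log-source fix the post mentions, here is one way to rewrite timestamps to millisecond precision before they are indexed. This is an added example, not part of the original post or of Elasticsearch/Kibana; it takes the poster's guess about the 7-digit fraction as its working assumption, and the function names and the constructed sample documents are hypothetical.

```python
import re
from datetime import datetime, timedelta

# ISO 8601 date-time, optional fraction of any length, then Z or a +hh:mm offset.
_TS = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})"
    r"(?:\.(\d+))?"
    r"(Z|[+-]\d{2}:?\d{2})$"
)

def normalize_timestamp(raw):
    """Return raw as a UTC timestamp with exactly three fractional digits."""
    m = _TS.match(raw.strip())
    if not m:
        raise ValueError("unrecognized timestamp: %r" % raw)
    base, frac, zone = m.groups()
    # Truncate instead of rounding so an event never moves forward in time.
    millis = int((frac or "").ljust(3, "0")[:3])
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")  # also rejects bad dates
    if zone != "Z":
        sign = 1 if zone[0] == "+" else -1
        digits = zone[1:].replace(":", "")
        dt -= sign * timedelta(hours=int(digits[:2]), minutes=int(digits[2:]))
    return dt.strftime("%Y-%m-%dT%H:%M:%S") + ".%03dZ" % millis

def normalize_docs(docs, field="timestamp"):
    """Normalize one field across documents; return (clean docs, rejected docs)."""
    clean, rejected = [], []
    for doc in docs:
        try:
            clean.append(dict(doc, **{field: normalize_timestamp(doc[field])}))
        except (KeyError, ValueError):
            # Keep unparseable events aside for review rather than dropping them.
            rejected.append(doc)
    return clean, rejected

# Constructed sample documents; the first value is the one quoted in the post.
SAMPLE_DOCS = [
    {"timestamp": "2016-02-18T00:20:49.3895597Z", "cs-method": "GET"},
    {"timestamp": "2016-02-18T02:20:49.5+02:00", "cs-method": "POST"},
    {"timestamp": "18/02/2016 00:20", "cs-method": "GET"},
]

if __name__ == "__main__":
    ok, bad = normalize_docs(SAMPLE_DOCS)
    for d in ok:
        print(d["timestamp"])
    print("rejected:", len(bad))
```

Comparing Discover before and after reindexing a few normalized documents shows whether the fraction length is the actual cause.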


(system) #2