Kibana doesn't visualize logdate's field

Elastic Stack Kibana
1

Hi everyone,

I have a problem with Logstash. In this case is about date's creation. I create a new field (logdate) based on severals fields which I have created with Grok. I don't receive any "error parsing", however, when I go to my Kibana, I create a "histogram" from logdate's field and I don't see nothing.

1011×34 1.2 KB
1035×36 779 Bytes

An example of logdate : 2011-04-19T03:44:01.103Z

791×108 2.54 KB

mutate{
add_field => { "logdate" => "%{year}-%{month}-%{day}T%{hour}:%{minute}:%{second}.%{ms}Z" }
remove_field => [ "year", "month", "day", "hour", "minute", "second", "ms" ]
}

Any idea? :slight_smile:

Thanks in advance

2

Well, it looks like a Kibana issue to me...? You seem to be getting the logdate dates through to Kibana just fine and they have the correct type.

One thing, the order of operations within a single mutate filter is not guaranteed, you should split yours into two to be safe:

mutate { add_field => { "logdate" => "%{year}-%{month}-%{day}T%{hour}:%{minute}:%{second}.%{ms}Z" } }
mutate { remove_field => [ "year", "month", "day", "hour", "minute", "second", "ms" ] }
3

Hi Alex,

I have changed this issue to Kibana. I have done the modification which you has suggested. The problem continues yet. :pensive:

4

It looks like the data is being indexed correctly, so that's good.

I'm not sure I understand the issue entirely, but what I think you're saying is that you have a date field and you are trying to create a visualization using that field and a histogram aggregation, and you're not seeing what you expect to see.

Have you tried using the date histogram aggregation instead?

Also, if you can provide some more information about what you're trying to visualize, that would probably be helpful.

5

Hi Joe,

In Kibana 4, it looks like works fine if I choose an "interval". :slight_smile:

Kibana4.png1264×492 18.5 KB

What I did, it was deleting index and create a new Dashboard.

Thanks for all,

Regards