I've just started using Elasticsearch/Kibana, and I've run into a hopefully simple issue. The records I'm submitting (via JSON/REST) contain a field named "timestamp", which is a Unix time integer. Apparently I had to inform Kibana that this was a timestamp field with a command like this:
PUT cxtesterrors
{
  "mappings": {
    "_doc": {
      "properties": {
        "timestamp": {
          "type": "date",
          "format": "epoch_second"
        }
      }
    }
  }
}
That worked fine. But after reading some more, I realized that I should have one index name for every day, so, for instance, cxtesterrors_2018_11_28. So I set the time format for cxtesterrors_2018_11_28 yesterday, and that worked fine, but now the date is 11/29 instead of 11/28, and I can't see any new records I'm submitting, presumably because the timestamp field for cxtesterrors_2018_11_29 isn't properly set up. I tried to do that PUT on a wildcard (cxtesterrors_*) and that didn't work. What's the solution? (I hope it's not having to set up a CRON job to do a PUT for every day's records forever...)
@lukas: looking at that page, it still seems like that requires doing a PUT to a specific index. Won't I just run into the same problem, where I set the dynamic template for cxtesterrors_2018_11_28 but that won't set it for cxtesterrors_2018_11_29?
(Another solution to my problem might be to submit my timestamps in some format which will always, automatically, be interpreted as a timestamp. Is that possible? Using ISO standard time strings?)
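The per-day mapping problem described in the posts above is what an index template addresses. This is an added example in Kibana console syntax, not part of the original posts; it assumes the legacy `_template` API of Elasticsearch 6.x (matching the `_doc` mapping type used above), and the template name and the 2018_11_30 index name are hypothetical.

```console
# Added example: index template applied to every new index whose name
# matches the pattern. The template name is hypothetical.
PUT _template/cxtesterrors_template
{
  "index_patterns": ["cxtesterrors_*"],
  "mappings": {
    "_doc": {
      "properties": {
        "timestamp": {
          "type": "date",
          "format": "epoch_second"
        }
      }
    }
  }
}

# After the first document lands in a new daily index (constructed name),
# confirm that "timestamp" was mapped as a date rather than a long.
GET cxtesterrors_2018_11_30/_mapping
```

A template is applied only when an index is created, so an index that already exists with "timestamp" mapped as a number keeps that mapping. The type of an existing field cannot be changed in place; such an index has to be recreated or reindexed.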