No histogram in Discover

Hello,

I am using Kibana to browse data from syslog.
In previous setups I always got a histogram on the Discover tab. For unknown reasons, it does not show up in my latest deployment. I have a time field in my log messages and it is also indexed.

Thank you

Daniel

Did you set the "Time filter field name" when setting up your index pattern in Kibana?


One way to verify the index pattern time field has been set is to view the index pattern under management and see if any time fields have the "clock" symbol next to their name.


Strangely, this option does not exist on my version (6.4.2)

What does the mapping look like for your Elasticsearch index? https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html

Is the time field indexed as a date type? https://www.elastic.co/guide/en/elasticsearch/reference/current/date.html

No, it's a text field right now.
I assume that the type is autodetected because it worked in other cases. The data is coming from fluentd.
The field value is right now something like '04/Nov/2018:16:38:58 +0000' which looks like a valid date format.

You'll need to customize the mapping of that field to be recognized as a date format. The link above with the date format details that the default formats are "strict_date_optional_time||epoch_millis" (which looks like https://www.joda.org/joda-time/apidocs/org/joda/time/format/ISODateTimeFormat.html#dateOptionalTimeParser).

If you have a daily index, create an index pattern with the right field and it will work for tomorrow's data.
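
An added example, not part of any reply in this thread: it checks locally that the quoted value '04/Nov/2018:16:38:58 +0000' does not fit the default date formats named above, parses it with a custom pattern, and builds the matching `date` mapping fragment. The pattern `dd/MMM/yyyy:HH:mm:ss Z`, the field name `time`, and the regex standing in for `strict_date_optional_time` are assumptions.

```python
import json
import re
from datetime import datetime

# Joda-style pattern for values such as '04/Nov/2018:16:38:58 +0000'.
# Assumption: the thread does not state the pattern, only that one is needed.
ES_FORMAT = "dd/MMM/yyyy:HH:mm:ss Z"
PY_FORMAT = "%d/%b/%Y:%H:%M:%S %z"  # strptime equivalent, used for local checks

# Rough approximation of strict_date_optional_time (ISO 8601, time optional).
ISO_RE = re.compile(
    r"\d{4}-\d{2}-\d{2}"
    r"(T\d{2}(:\d{2}(:\d{2}([.,]\d+)?)?)?(Z|[+-]\d{2}(:?\d{2})?)?)?"
)
EPOCH_MILLIS_RE = re.compile(r"-?\d+")


def matches_default_formats(value):
    """True if value fits the defaults strict_date_optional_time||epoch_millis."""
    return bool(ISO_RE.fullmatch(value) or EPOCH_MILLIS_RE.fullmatch(value))


def parse_custom(value):
    """Parse value with the custom pattern; None if it does not fit."""
    try:
        return datetime.strptime(value, PY_FORMAT)
    except ValueError:
        return None


def date_mapping(field):
    """'properties' fragment typing the field as date, defaults kept as fallback."""
    fmt = ES_FORMAT + "||strict_date_optional_time||epoch_millis"
    return {"properties": {field: {"type": "date", "format": fmt}}}


if __name__ == "__main__":
    # Constructed samples: the value quoted in the thread, an ISO value, junk.
    for sample in ["04/Nov/2018:16:38:58 +0000", "2018-11-04T16:38:58Z", "n/a"]:
        print(sample, matches_default_formats(sample), parse_custom(sample))
    # "time" is a hypothetical field name; use the one fluentd actually sends.
    print(json.dumps(date_mapping("time"), indent=2))
```

The fragment belongs in the mapping applied to newly created indices, for example through an index template; an index where the field is already mapped as text keeps that mapping.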
