I have a data which has @timestamp (when data was ingested) and time_logged where log event happen.
When I create index pattern with @timestamp I can see data on discover
but when I create index pattern with time_logged (date field) I don't get any data on discover.
But I can see via REST api _search query.
Time_logged is date format in mapping when I checked
"time_logged": {
"type": "date"
},
this is version 7.12.1
what is happening?
Discover defaults to last 15 minutes so if you have no data logged in that interval, it won't show. Check and compare the values of timestamp and time_logged in a document in Discover when you have your index pattern set to @timestamp and see the difference there for the latest document.
I have try hour to years and data is only few min to few hour old.
I can see them if I select index pattern which is created with @timestamp.
Data can't be seen if they are created with time_logged (date field)
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.