One Deata view @timestamp alarm

Wing_W · March 26, 2026, 2:03am

This request queries Elasticsearch to fetch the documents.

Search session id: d53c937d-ef25-4122-862c-9cc00f861186

Node
c60fcARCT5m2jef2_njmog
Reason
error fetching [structured.@timestamp]: Field [structured.@timestamp] of type [flattened] doesn't support formats.
Caused by type
illegal_argument_exception
Caused by reason
Field [structured.@timestamp] of type [flattened] doesn't support formats.

Please help for check and fix. I have changed the Logstash pipelines … and my teammate change some.

Rios · March 26, 2026, 12:10pm

Welcome to the community.

It seams something not OK with data format which LS have sent to ES. Have you check what is the @timestamp format? Also make sure that is acceptable on the ES side - mapping or template .

Can you please provide more details?

RainTown · March 26, 2026, 2:35pm

Welcome to the forum.

Errr ..... telling us what you changed, and what your colleagues changed, will give us more of a clue? Please. and the actual query/search you did will be useful too.

And it's unlikely we can actually fix your issue, though we can possibly tell you what you need to change/adapt. But first you need help us help you by supplying more details.

Wing_W · March 27, 2026, 6:10am

Thanks fixed .that is Logstash pipelines changed and the mapping structured as flattened.

Topic		Replies	Views
Elasticsearch as Logwatch Elasticsearch	7	2073	July 6, 2017
No mapping found for [@timestamp] Logstash	9	1945	August 28, 2018
Elastic search _timestamp path Elasticsearch	3	459	July 6, 2017
About the Watcher alert configure Elasticsearch elastic-stack-alerting	1	863	July 6, 2017
Replace the @timestamp of the dashboard with the time at which the event get logged in the file Logstash	4	234	April 18, 2024

One Deata view @timestamp alarm

Related topics