Hi All,
What is the significance of "Time filter" when setting up an index pattern or Data view?
When setting it up it says Select a primary time field for use with the global time filter
Thanks
Hello,
As per my understanding this timestamp/timefilter will help you in reviewing the data which is indexed over time duration. As well as when you create a dashboard it will help, so if you do not select this field you will see all your data at once which might not be the ideal scenario.
It is the time field that will be used by the time picker to filter results in Discover, Dashboard and Curated UIs etc
Thanks. Can you please elaborate this? Discover still shows @timstamp field.
So in Discover would the messages appear sorted based on “recvdTime” in my case?
Thanks
To be precise the discover results will be filtered by recvdTime and in general the default sorting is by the data view time field, but you can sort by other fields once the data is brought back.
I suggest rolling up your sleeves and getting in there and try it.
You can create 2 dataviews... one on with @timestamp and one with recvdTime and compare and look at the differences...
if it still in the first column then you probably did not set up the Data View Correctly
Also Setting the time field in the data view DOES not remove any fields so @timestamp will still be available.
See example below I created a data view with the time field set to event.ingested
And then Discover filters and displays event.ingested
1 Like
Thanks!
1 Like