Sorting events with identical timestamps by order events were recorded

Hi Elastic Team,

My question is similar to this topic.

For documents with identical timestamps, can we sort them on Kibana by the order the events/docs were recorded? Basically I want the log lines shown on Kibana to be in the same order as I would see them in the actual log files.

Cheers,

Hi Elastic Team, any suggestions please?

After some searches, it looks like there's nothing out of the box provided by Logstash or Elasticsearch, and one needs to come up with one's own way of generating a sequence ID and adding that to the event, it seems.

Hi @ld_pvl,

Unfortunately, you are correct. Due to the fact that Elasticsearch is inherently distributed and most indexing pipelines include multiple potentially buffering stages, preserving order with a low timestamp resolution is very difficult. The best solution I can think of is to add your own sequence id during ingestion and use the context view that was added in 5.4. If you set the context:tieBreakerFields setting to that sequence id field as suggested in the documentation, the context view should display the lines in the correct order.
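The sequence-id approach from the reply above, as an added example that is not part of the original thread and is not Elastic's code: each line is stamped with a per-source counter at read time, then events that arrive out of order are sorted by timestamp with the counter as tie-breaker. The field names `seq` and `source`, the helper names and the sample log lines are assumptions constructed for illustration.

```python
from itertools import count

# Constructed sample: three lines share one second-resolution timestamp.
SAMPLE_LOG = [
    "2017-06-01T10:15:02Z session opened for user alice",
    "2017-06-01T10:15:02Z sudo: alice : COMMAND=/usr/bin/id",
    "2017-06-01T10:15:02Z session closed for user alice",
    "2017-06-01T10:15:03Z sshd: connection closed",
]


def stamp(lines, source):
    """Shipper side: tag each line with a per-source sequence id as it is
    read, before any buffering or distributed stage can reorder events.
    An in-memory counter restarts with the shipper; a file offset would
    be a restart-safe alternative."""
    seq = count(1)
    events = []
    for line in lines:
        ts, _, msg = line.partition(" ")
        events.append({"@timestamp": ts, "source": source,
                       "seq": next(seq), "message": msg})
    return events


def timestamp_only(events):
    """What a plain timestamp sort gives: ties keep arrival order."""
    return sorted(events, key=lambda e: e["@timestamp"])


def display_order(events):
    """Sort by timestamp, breaking ties on (source, seq), which is the
    role the tie-breaker field plays in the context view."""
    return sorted(events,
                  key=lambda e: (e["@timestamp"], e["source"], e["seq"]))


def messages(events):
    return [e["message"] for e in events]


if __name__ == "__main__":
    # Simulate out-of-order delivery by reversing the stamped events.
    arrived = stamp(SAMPLE_LOG, "auth.log")[::-1]
    print("timestamp only :", messages(timestamp_only(arrived)))
    print("with tie-break :", messages(display_order(arrived)))
```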

Thanks a lot for your reply!

The context view tip is very useful.
