Hey there,
I know, that this topic has been discussed many many times, but unfortunately, no solution was proposed.
Correct me when I am wrong, this is all just my personal knowledge build by reading countless threads about this topic.
We have multiple processes and machines, which log to our instance. This means, that there are multiple events per millisecond, which are not shown in the correct order afterwards, due to the restriction of the timestamp only being millisecond precise.
I solved this by adding a sequence number to every event, meaning that the order of incoming events is preserved. This is not necessary the correct order of multiple devices but atleast from one process per device.
When I sort by this field manually, everything seems to work.
But I would like sort by this field automatically, without doing it in Discover manually.
At best, kibana would sort the events by timestamp first and sort the field with the same timestamp by the sequence number.
I cant find any setting to archieve this though. First I hoped for the sort:options setting, but this one does seem to do something different.
The context.tieBreakerOption is somewhat of a compromise, but it sort the events asc instead of descending. Which is exactly the opposit of what I need.
I there any way to do this?
