Hi
When I create a table to show all messages by timestamp I get a few bunches of messages but not all. Why is this? For here as an example in Discovery I see a message from 14:49:** but in the table it does not appear.
In the production mode I see a bunch of message that not one have a Count over 1, and still there are missing logs.
Thanks in advance.
I don't fully understand what are you trying to achieve. Any reason why you are using a terms split on @timestamp field ? are you maybe looking for a date histogram agg ?
Hi,
This is not a real graph for production. I just wanted to simulate the idea that there are logs shown in "discovery" but not on the table. I used @timestamp just b/c it is easy to show that messages are missing from the table on a certain time.
the data in your visualization is aggregated in buckets, so you will not see individual records as you do in discover.
where in discover you would see each record for lets say a month of data, in visualization you would usually want to group them together in a way for example show a count per day.
Thanks.
After I saw the problem I understood that my question was not defined good enough.
My problem was that I didnt define the size of logs that should be returned by table. By default it is 5:
Thanks for the effort!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
