I'm probably missing something obvious, but despite having millions of documents indexes, timelion seems to only see 120 from a few months ago.
More of a self-reply here, I had to go into Kibana advanced settings and change the timelion:es.timefield from @timestamp to timestamp.
Is @timestamp an older elastic thing?
You can specify a timefield in the es function too, if you want to keep the default: .es(q=*, timefield=timestamp). @timestamp probably comes from a default used by logstash, it's commonly used as the timestamps's field name.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.