I am pushing some old logs to Elasticsearch via rsyslog.
Here is one of the log entries:
[START] --- [xx.xx.xx.xx] --- [25/Jun/2017:06:39:54 +0530] --- "Headers: [-, -, -, -, -, -]" --- "POST /infotrack HTTP/1.1" --- 200 --- 0.310 --- "-" --- "Java/1.8.0_121" --- "application/x-www-form-urlencoded" --- "-" --- [END]
The logs are successfully indexed in Elasticsearch and visible in Kibana.
But the @timestamp is not identified. While adding the index in Kibana, the time field does not show up.
What is the problem here?
I have used the same timestamp format in other indices and it did not create any problem there.
Now I am getting this on that index:
Discover: Fielddata is disabled on text fields by default. Set fielddata=true on [@timestamp] in order to load fielddata in memory by uninverting the inverted index. Note that this can however use significant memory.