Timestamp not enough precision

I have logs with time precision of only seconds like this:
2017-08-09 14:54:38 INFO something
2017-08-09 14:54:38 INFO something
2017-08-09 14:54:38 DEBUG something
2017-08-09 14:54:38 INFO something
I use the date filter to get a timestamp out of this.

My problem is that since the precision is only in seconds, Kibana messes up the order. I know, that in Kibana I could sort by offset, but I would like to use the 'view surrounding documents' tool and for that I need my logs in correct order by timestamp. How could I use the offset field or anything else in Logstash to make my timestamp give precise order?

if your only problem is the false order in the context view you can configure a tiebreaker field in the advanced settings of kibana with which the order would be determined

Under Managment --> Advanced Settings --> context:tieBreakerFields --> set to e.g. offset

I wrote in offset but it does not work. I have Kibana 5.5.1

the only problem that should still exist with this is that it is sorted in reverse order (Github Issue #12937)

i don't now of annother way to guarantee the correct order in the context view (besides trying to alter the timestamp milliseconds on logstash side)

Yeah, I have noticed, it is in reverse order. Anyways, it's more than nothing. Thanks for the tip.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.