Timestamp not enough precision

Robert_Kovacs · August 28, 2017, 9:45am

I have logs with time precision of only seconds like this:
2017-08-09 14:54:38 INFO something
2017-08-09 14:54:38 INFO something
2017-08-09 14:54:38 DEBUG something
2017-08-09 14:54:38 INFO something
I use the date filter to get a timestamp out of this.

My problem is that since the precision is only in seconds, Kibana messes up the order. I know, that in Kibana I could sort by offset, but I would like to use the 'view surrounding documents' tool and for that I need my logs in correct order by timestamp. How could I use the offset field or anything else in Logstash to make my timestamp give precise order?

Shaoranlaos · August 28, 2017, 12:04pm

if your only problem is the false order in the context view you can configure a tiebreaker field in the advanced settings of kibana with which the order would be determined

Under Managment --> Advanced Settings --> context:tieBreakerFields --> set to e.g. offset

Robert_Kovacs · August 28, 2017, 12:33pm

I wrote in offset but it does not work. I have Kibana 5.5.1

Shaoranlaos · August 28, 2017, 12:54pm

the only problem that should still exist with this is that it is sorted in reverse order (Github Issue #12937)

i don't now of annother way to guarantee the correct order in the context view (besides trying to alter the timestamp milliseconds on logstash side)

Robert_Kovacs · August 28, 2017, 12:59pm

Yeah, I have noticed, it is in reverse order. Anyways, it's more than nothing. Thanks for the tip.

system · September 25, 2017, 1:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.