Hi Community,
We have DC-DR(Active Active)ELK cluster running. We have Observed that for 2024-05-25 00:00-23:59 time range in discover if i select _index i am seeing index-2024-05-27. For Replication from DC to DR we are using Kafka mirror. This issue is happening in DR.
Hi @Aniket_Pant,
Do you have ILM setup to rollover your indices? If so can you share your policy please?
You need to provide a lot more of context, for example, how are you indexing your data? Are you using logstash?
It is not possible to know what the issue may be or even if this is an issue without more information.
But if you are using logstash and you are not using the date string from your log messages, logstash will use the timestamp from when the log has entered the pipeline.
This is also the behaviour of any other tool, if you do not specifiy it to use a date field from your message, it will use the current date as the value for the @timestamp field.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.