Hello,
I have created dynamic mapping
"properties": {
"created": { "type": "date",
"format": "yyyy-MM-dd HH:mm:ss"
},
"modified": { "type": "date",
"format": "yyyy-MM-dd HH:mm:ss"
},
"@timestamp": { "type": "date",
"format": "strict_date_optional_time"
}
},
"dynamic_templates": [
{
"integers": {
"match_mapping_type": "long",
"mapping": {
"type": "integer"
}
}
},
{
"strings": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
]
}
}
when I am passing data without dynamic mappings the
date {@timestamp "
It is matching properly
But, When i am using this config after creating dynamic Mapping it's not working.@timestamp field is 11 hr back as compared to created field.
A help would be really appreciated
All timestamps stored in Elasticsearch must be in UTC timezone. Which timezone are your timestamps expressed in?
hello @Christian_Dahlqvist
I am picking the data from local system
{"received":"2019-02-01 00:00:00","ipaddress":"_","response_text":"Thank you for contacting }
my data is of this format and I am renaming received to created and after that matching it to @timestamp
Regards
What time zone is that time stamp in? Are you using the date filter to populate @timestamp ?
@Christian_Dahlqvist its the browser time
@Christian_Dahlqvist
Have you verified that the date filter converts this into the correct UTC time stamp?
@Christian_Dahlqvist when i am not using dynamic mapping than this config is working pretty well and i am getting my @timestamp matched
date {@timestamp "
but when i create the dynamic mapping I am facing the error
one sample log is@version :@timestamp March 31st 2019, 23:59:59.000
t @version 1t _id guWf3WkBY7Thni_1DFyI# _score -t _type doct beat.hostname localhost.localdomaint beat.name localhost.localdomaint beat.version 6.2.4t
Can you paste the JSON document as well as the mapping here?
@Christian_Dahlqvist thanks a lot for response
my sample log is
{"no":"12344","message":"urgent","network":"bigdata","shortcode":"1234","received":"2019-02-01 00:00:01","ipaddress":"***"}
my dynamic mapping is
PUT /index_name
"properties": {
"created": { "type": "date",
"format": "yyyy-MM-dd HH:mm:ss"
}
},
"dynamic_templates": [
{
"integers": {
"match_mapping_type": "long",
"mapping": {
"type": "integer"
}
}
},
{
"strings": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
]
}
my logstash config file is
input {@timestamp "
Do not specify a date format in your dynamic mapping as that does not seem to match the default that the date filter produces. What happens if you use the default mappings and do not specify any dynamic mappings?
@Christian_Dahlqvist than what should be the format for dynamic mapping for date format
Regards
If you do not specify it explicitly, the default should be used which should work.
@Christian_Dahlqvist should the dynamic_date_formats
Try indexing your data into a new index without any custom template (use the dynamic defaults) and check how that works out.
@Christian_Dahlqvist my new dynamic mapping is
PUT /environment
"properties": {
"created": { "type": "date"
}
},
"dynamic_templates": [
{
"integers": {
"match_mapping_type": "long",
"mapping": {
"type": "integer"
}
}
},
{
"strings": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
]
}
I am still facing issue
system
May 1, 2019, 11:08am
18
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
