Unable to sort logs on the basis of timestamp

Ashish1234 · May 9, 2018, 8:22am

grok filter:

filter {
grok {
match => { "message" => "[%{LOGLEVEL:Severity}]:[%{DATA:User_Name}]:[%{TIMESTAMP_ISO8601:event_time}]:[%{DATA:Session_ID}]:[%{DATA:Function_Name}]:[%{DATA:Event}]:[%{DATA:Activity_Status}]:[%{GREEDYDATA:message}]"
}

}

date {
match => ["timestamp", "dd/MM/yyyy HH:mm:ss"]
target => "@timestamp"
}

}

elasticsearch curl request:

curl -XGET "http://172.25.2.206:9200/elk_db/_search?size=1000&pretty" -H 'Content-Type: application/json' -d'

{

"sort": [
{ "event_time": {"order" : "asc"} }
],

"query": {
"bool": {
"must": [
{ "match": { "Session_ID": "323232" }}

  ]

}

}

}'

Mapping:

{"elk_db":{"mappings":{"doc":{"properties":{"@timestamp":{"type":"date"},"@version":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"Activity_Status":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"Event":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"Function_Name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"Session_ID":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"Severity":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"User_Name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"beat":{"properties":{"hostname":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"name":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"version":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"event_time":{"type":"date","format":"yyyy/MM/dd HH:mm:ss||yyyy/MM/dd||epoch_millis"},"host":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"message":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"offset":{"type":"long"},"prospector":{"properties":{"type":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}},"source":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"tags":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}},"timestamp":{"type":"text","fields":{"keyword":{"type":"keyword","ignore_above":256}}}}}}}}

Ashish1234 · May 9, 2018, 8:26am

below are the sample logs
[DEBUG]:[test]:[09/05/2018 07:06:00]:[323232]:[uploadLogFile]:[PRE_DEPLOYMENT_CHECKS]:[323232]:[abcd]
[DEBUG]:[test]:[09/05/2018 07:06:00]:[323232]:[uploadLogFile]:[PRE_DEPLOYMENT_CHECKS]:[323232]:[abcs]
[INFO]:[test]:[09/05/2018 07:06:00]:[323232]:[getUnTrustedOkHttpClient]:[PRE_DEPLOYMENT_CHECKS]:[ajsjwqsqwsqw]
[INFO]:[test]:[09/05/2018 07:06:00]:[323232]:[getUnTrustedOkHttpClient]:[PRE_DEPLOYMENT_CHECKS]:[dwdwedwdwd]

polyfractal · May 10, 2018, 5:26pm

What exactly is the issue? What do you mean by being unable to sort?

Those logs don't show anything useful, so I'm not sure what the issue is here

system · June 7, 2018, 5:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sorting search results Elasticsearch	2	751	July 6, 2017
Retrieving all log events sorted by timestamp Elasticsearch	6	8750	April 30, 2019
Sorting search results Elasticsearch	1	269	July 6, 2017
Sort based on timestamp from log Elasticsearch	1	348	June 15, 2020
Sort by time received instead of timestamp Elasticsearch	8	1457	August 16, 2022

Unable to sort logs on the basis of timestamp

Related topics