[
https://issues.apache.org/jira/browse/FLUME-1782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13543292#comment-13543292
]
Edward Sargisson commented on FLUME-1782:
-----------------------------------------
Hi Brock,
Sorry for the delay in replying - I've had some family issues taking my
attention.
*If* the data doesn't have a timestamp then there's little point writing it to
ElasticSearch as Kibana will not be able to query it from ElasticSearch.
Kibana's querying expects there to be a timestamp.
It's for this reason that it will warn you if it's not there.
If you want I can make it only log once but I'm not sure if that's useful.
> Elastic Search sink does not use UTC to determine the correct index to write
> to.
> --------------------------------------------------------------------------------
>
> Key: FLUME-1782
> URL: https://issues.apache.org/jira/browse/FLUME-1782
> Project: Flume
> Issue Type: Bug
> Components: Sinks+Sources
> Reporter: Edward Sargisson
> Fix For: v1.4.0
>
> Attachments: flume-1782.patch
>
>
> The GUI for logs in ElasticSearch, Kibana, uses the utc date to determine
> which index to read for a search. The Flume ElasticSearch sink is using the
> local timezone to determine which index to write to. This means that events
> are being placed in the incorrect index and Kibana doesn't always find them.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
