Hi, 

I've successfully created a template to map a specific timestamp from the log, 
like below.
{
  "tempalte_blahblah" : {
    "template" : "logstash*",
    "mappings" : {
      "blah" : {
        "properties" : {
          "hostname": { "type": "string", "index": "not_analyzed" },
          "time_raw": { "type": "date", "index": "analyzed", "format": "yyyy-MM-dd HH:mm:ss.SSS" }
        }
      }
    }
  }
}

And the log looks like this:
2014-07-14 13:02:32.128 25121 (host) (COMMAND) (message)
2014-07-14 13:02:32.133 25121 (host) (COMMAND) (message)

Now, I can see "time_raw" from Kibana or an API query :)
But when I use "time_raw" as the time field for the Timepicker in Kibana, nothing 
hits.
I tried a query with a range for "time_raw" in epoch, and nothing hits either.
curl -XGET 'http://localhost:9200/logstash-2014.07.16/_search?pretty' -d '{
 "query":{
   "bool":{
     "must":[
       {
         "range":{
           "time_raw": {
             "from": 1405490989000,
             "to": 1405491289000
           }
         }
       }
     ]
   }
 }
}'

Somehow, when I tried a query with a range for "time_raw" in date+milliseconds, 
it now hits.
curl -XGET 'http://localhost:9200/logstash-2014.07.16/_search?pretty' -d '{
 "query":{
   "bool":{
     "must":[
       {
         "range":{
           "time_raw": {
             "from": "2014-7-16 15:09:49.000",
             "to": "2014-7-16 15:14:49.000"
           }
         }
       }
     ]
   }
 }
}'

Since I'm heavily relying on Kibana, I need to use epoch time. (Kibana uses 
epoch time, right?)
Did I misconfigure something here?
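
The two range queries above can be compared directly, as an added example that is not part of the original post: it converts the epoch bounds of the first query to UTC and sets them beside the date strings of the second. It assumes Elasticsearch reads the zone-less "time_raw" strings as UTC and compares numeric bounds as epoch milliseconds; the function names are illustrative.

```python
from datetime import datetime, timedelta, timezone

# Python equivalent of the mapping's "yyyy-MM-dd HH:mm:ss.SSS"
FMT = "%Y-%m-%d %H:%M:%S.%f"
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
HOUR_MS = 3600 * 1000


def indexed_millis(text):
    """Epoch millis stored for a zone-less string (assumption: read as UTC)."""
    dt = datetime.strptime(text, FMT).replace(tzinfo=timezone.utc)
    # Integer division of timedeltas avoids float rounding on the millis.
    return (dt - EPOCH) // timedelta(milliseconds=1)


def epoch_as_utc_text(millis):
    """Render epoch millis in the mapping's format, in UTC."""
    dt = EPOCH + timedelta(milliseconds=millis)
    return dt.strftime("%Y-%m-%d %H:%M:%S.") + "%03d" % (dt.microsecond // 1000)


def implied_offset_hours(epoch_millis, text):
    """Hours the log's wall clock is ahead of UTC if both name one instant."""
    return (indexed_millis(text) - epoch_millis) / HOUR_MS


def shifted_range(from_millis, to_millis, offset_hours):
    """Epoch bounds that line up with values indexed from local wall-clock text."""
    shift = int(offset_hours * HOUR_MS)
    return {"from": from_millis + shift, "to": to_millis + shift}


if __name__ == "__main__":
    # Bounds copied from the two queries in the post.
    epoch_from, epoch_to = 1405490989000, 1405491289000
    text_from = "2014-7-16 15:09:49.000"

    print("epoch 'from' in UTC :", epoch_as_utc_text(epoch_from))
    print("string 'from'       :", text_from)
    offset = implied_offset_hours(epoch_from, text_from)
    print("implied offset (h)  :", offset)
    print("range that lines up :", shifted_range(epoch_from, epoch_to, offset))
    # First sample log line from the post, as it would be indexed.
    print("log line as millis  :", indexed_millis("2014-07-14 13:02:32.128"))
```
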
