Hi Brian, thank you very much. I didn't understand why the @ symbol was used before fields in Kibana, it is perfectly clear now.
I was simply saving some documents from spark streaming to elasticsearch and I was using Kibana in order to show streaming data in a histogram panel. My documents didn't have any @ symbol before their names and that's why default timepicker wasn't using my timestamp field. As you said I think it's better not to add the @ symbol to fields and just simply change it in Kibana. That way works perfectly. Thank you again!! Iván. El miércoles, 29 de octubre de 2014 21:10:09 UTC+1, Brian escribió: > > The @timestamp field, created by logstash by default, has always worked > perfectly out-of-the-box with Kibana's time picker and also with curator. > Perhaps if you posted one document from your Elasticsearch response it > might help. > > But I don't recommend that you create your own fields with @ as a prefix > character. Straying a bit from your question, I created some R scripts to > analyze and plot things in a way that neither Kibana nor Splunk can. What > I've noticed is that when I export as CSV, either from Elasticsearch or > from Splunk, and then import into R's CSV reader, I notice that: > > 1. Elasticsearch's @timestamp field becomes the X.timestamp field in R. > > 2. Splunk's _time field becomes the X_time field in R. > > Which is one very good reason not to add a @ or _ to the front of your own > fields. It's a lot of extra hard-coded processing to figure out the source > and then choose the field using R when it's not the same name as the field > from Elasticsearch. > > But I digress. > > Brian > > On Wednesday, October 29, 2014 1:20:10 PM UTC-4, Iván Fernández Perea > wrote: >> >> I was using Kibana and wondering which are the differences between using >> or not an @ sign before field names. It seems that the default (as in >> timepicker in the dashboard settings) is using the @ before a field but it >> doesn't seem to work in my case. I need to set the Time Field in the >> Timepicker with a field name and no @ before it to make it work. >> >> Thank you, >> Iván. >> > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/d086b534-2d62-4f5a-bf7a-478c07a0164f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
