Hi, I'm pumping data into ElasticSearch (actually using rsyslog instead of logstash) into a date-based index with a mapping that stores the _timestamp. When I go in with Kibana 4.0.1 and start setting it up, it sees the indexes, but the drop down where you select the time field name is empty and it will not let me create it. Why is this?
I can create it if I uncheck the box that it's a time-based index and just enter 'vip*' for the name, but that is not what I want. Below is the mapping. The 'timestamp' field inside 'properties' is a textual field from syslog that is relatively useless for sorting, but it doesn't show up either. Thanks for any input! $ curl http://elastic.domain.com:9200/vip-2015-03-09/_mappings?pretty=1 { "vip-2015-03-09" : { "mappings" : { "events" : { "_timestamp" : { "enabled" : true, "store" : true }, "properties" : { "fac" : { "type" : "string" }, "msg" : { "type" : "string" }, "prog" : { "type" : "string", "store" : true }, "severity" : { "type" : "string" }, "source" : { "type" : "string", "store" : true }, "tag" : { "type" : "string" }, "timegenerated" : { "type" : "string" }, "timestamp" : { "type" : "string" } } } } } } -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/88525ec9-6891-4b4a-acc6-a8aca30fabd0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
