How to identify timefield of the index?
up vote
0
down vote
favorite
Is there a es query or some way to ask Elasticsearch that which field is being used as time field for a specific index?
elasticsearch kibana asked Nov 10 at 16:36
Talal
63
add a comment |
up vote
0
down vote
favorite
Is there a es query or some way to ask Elasticsearch that which field is being used as time field for a specific index?
elasticsearch kibana asked Nov 10 at 16:36
Talal
63
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
Is there a es query or some way to ask Elasticsearch that which field is being used as time field for a specific index?
elasticsearch kibana asked Nov 10 at 16:36
Talal
63
Is there a es query or some way to ask Elasticsearch that which field is being used as time field for a specific index?
elasticsearch kibana elasticsearch kibana asked Nov 10 at 16:36
Talal
63
asked Nov 10 at 16:36
Talal
63
asked Nov 10 at 16:36
Talal
63
asked Nov 10 at 16:36
Talal
63
asked Nov 10 at 16:36
Talal
63
63
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
You can use Kibana to choose the right time field (Step 5):
- In Kibana, open Management, and then click Index Patterns.
- If this is your first index pattern, the Create index pattern page opens automatically. Otherwise, click Create index pattern in the upper left.
- Enter "your_index_name*" in the Index pattern field.
- Click Next step
- In Configure settings, select "@your_timestamp_field" in the Time Filter field name dropdown menu.
- Click Create index pattern.
Kibana User Guide: Defining your index patterns
Or search in your index mapping for an field with "type: date"
curl 'http://localhost:9200/your_index/_mapping?pretty'
{
"your_index" : {
"mappings" : {
"your_index" : {
"properties" : {
"@**timestamp**" : {
"type" : "date"
},
"@version" : {
"type" : "text"
},
"clock" : {
"type" : "long"
},
"host" : {
"type" : "text"
},
"type" : {
"type" : "text"
}
}
}
}
}
}
Get Mapping
Or look into your indexed documents:
curl 'http://localhost:9200/your_index/_search?pretty'
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 1,
"max_score" : 1.0,
"hits" : [
{
"_index" : "your_index",
"_type" : "your_index",
"_id" : "logstash-01.kvm.local",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2018-11-10T18:03:22.822Z",
"host" : "logstash-01.kvm.local",
"@version" : "1",
"clock" : 558753,
"type" : "your_index"
}
}
]
}
}
Search API
answered Nov 10 at 17:43
jabla
12
Hey Thanks for your thorough answer. Regarding the first section about manual checking through Kibana, I actually need a way to check through code. The latter suggestions through curl, what if there is more than one date field but I am using only one of them for index time field as only one is allowed?
– Talal
Nov 11 at 13:34
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
You can use Kibana to choose the right time field (Step 5):
- In Kibana, open Management, and then click Index Patterns.
- If this is your first index pattern, the Create index pattern page opens automatically. Otherwise, click Create index pattern in the upper left.
- Enter "your_index_name*" in the Index pattern field.
- Click Next step
- In Configure settings, select "@your_timestamp_field" in the Time Filter field name dropdown menu.
- Click Create index pattern.
Kibana User Guide: Defining your index patterns
Or search in your index mapping for an field with "type: date"
curl 'http://localhost:9200/your_index/_mapping?pretty'
{
"your_index" : {
"mappings" : {
"your_index" : {
"properties" : {
"@**timestamp**" : {
"type" : "date"
},
"@version" : {
"type" : "text"
},
"clock" : {
"type" : "long"
},
"host" : {
"type" : "text"
},
"type" : {
"type" : "text"
}
}
}
}
}
}
Get Mapping
Or look into your indexed documents:
curl 'http://localhost:9200/your_index/_search?pretty'
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 1,
"max_score" : 1.0,
"hits" : [
{
"_index" : "your_index",
"_type" : "your_index",
"_id" : "logstash-01.kvm.local",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2018-11-10T18:03:22.822Z",
"host" : "logstash-01.kvm.local",
"@version" : "1",
"clock" : 558753,
"type" : "your_index"
}
}
]
}
}
Search API
answered Nov 10 at 17:43
jabla
12
Hey Thanks for your thorough answer. Regarding the first section about manual checking through Kibana, I actually need a way to check through code. The latter suggestions through curl, what if there is more than one date field but I am using only one of them for index time field as only one is allowed?
– Talal
Nov 11 at 13:34
add a comment |
up vote
0
down vote
You can use Kibana to choose the right time field (Step 5):
- In Kibana, open Management, and then click Index Patterns.
- If this is your first index pattern, the Create index pattern page opens automatically. Otherwise, click Create index pattern in the upper left.
- Enter "your_index_name*" in the Index pattern field.
- Click Next step
- In Configure settings, select "@your_timestamp_field" in the Time Filter field name dropdown menu.
- Click Create index pattern.
Kibana User Guide: Defining your index patterns
Or search in your index mapping for an field with "type: date"
curl 'http://localhost:9200/your_index/_mapping?pretty'
{
"your_index" : {
"mappings" : {
"your_index" : {
"properties" : {
"@**timestamp**" : {
"type" : "date"
},
"@version" : {
"type" : "text"
},
"clock" : {
"type" : "long"
},
"host" : {
"type" : "text"
},
"type" : {
"type" : "text"
}
}
}
}
}
}
Get Mapping
Or look into your indexed documents:
curl 'http://localhost:9200/your_index/_search?pretty'
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 1,
"max_score" : 1.0,
"hits" : [
{
"_index" : "your_index",
"_type" : "your_index",
"_id" : "logstash-01.kvm.local",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2018-11-10T18:03:22.822Z",
"host" : "logstash-01.kvm.local",
"@version" : "1",
"clock" : 558753,
"type" : "your_index"
}
}
]
}
}
Search API
answered Nov 10 at 17:43
jabla
12
Hey Thanks for your thorough answer. Regarding the first section about manual checking through Kibana, I actually need a way to check through code. The latter suggestions through curl, what if there is more than one date field but I am using only one of them for index time field as only one is allowed?
– Talal
Nov 11 at 13:34
add a comment |
up vote
0
down vote
up vote
0
down vote
You can use Kibana to choose the right time field (Step 5):
- In Kibana, open Management, and then click Index Patterns.
- If this is your first index pattern, the Create index pattern page opens automatically. Otherwise, click Create index pattern in the upper left.
- Enter "your_index_name*" in the Index pattern field.
- Click Next step
- In Configure settings, select "@your_timestamp_field" in the Time Filter field name dropdown menu.
- Click Create index pattern.
Kibana User Guide: Defining your index patterns
Or search in your index mapping for an field with "type: date"
curl 'http://localhost:9200/your_index/_mapping?pretty'
{
"your_index" : {
"mappings" : {
"your_index" : {
"properties" : {
"@**timestamp**" : {
"type" : "date"
},
"@version" : {
"type" : "text"
},
"clock" : {
"type" : "long"
},
"host" : {
"type" : "text"
},
"type" : {
"type" : "text"
}
}
}
}
}
}
Get Mapping
Or look into your indexed documents:
curl 'http://localhost:9200/your_index/_search?pretty'
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 1,
"max_score" : 1.0,
"hits" : [
{
"_index" : "your_index",
"_type" : "your_index",
"_id" : "logstash-01.kvm.local",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2018-11-10T18:03:22.822Z",
"host" : "logstash-01.kvm.local",
"@version" : "1",
"clock" : 558753,
"type" : "your_index"
}
}
]
}
}
Search API
answered Nov 10 at 17:43
jabla
12
You can use Kibana to choose the right time field (Step 5):
- In Kibana, open Management, and then click Index Patterns.
- If this is your first index pattern, the Create index pattern page opens automatically. Otherwise, click Create index pattern in the upper left.
- Enter "your_index_name*" in the Index pattern field.
- Click Next step
- In Configure settings, select "@your_timestamp_field" in the Time Filter field name dropdown menu.
- Click Create index pattern.
Kibana User Guide: Defining your index patterns
Or search in your index mapping for an field with "type: date"
curl 'http://localhost:9200/your_index/_mapping?pretty'
{
"your_index" : {
"mappings" : {
"your_index" : {
"properties" : {
"@**timestamp**" : {
"type" : "date"
},
"@version" : {
"type" : "text"
},
"clock" : {
"type" : "long"
},
"host" : {
"type" : "text"
},
"type" : {
"type" : "text"
}
}
}
}
}
}
Get Mapping
Or look into your indexed documents:
curl 'http://localhost:9200/your_index/_search?pretty'
{
"took" : 2,
"timed_out" : false,
"_shards" : {
"total" : 5,
"successful" : 5,
"failed" : 0
},
"hits" : {
"total" : 1,
"max_score" : 1.0,
"hits" : [
{
"_index" : "your_index",
"_type" : "your_index",
"_id" : "logstash-01.kvm.local",
"_score" : 1.0,
"_source" : {
"@timestamp" : "2018-11-10T18:03:22.822Z",
"host" : "logstash-01.kvm.local",
"@version" : "1",
"clock" : 558753,
"type" : "your_index"
}
}
]
}
}
Search API
answered Nov 10 at 17:43
jabla
12
edited Nov 10 at 19:23
answered Nov 10 at 17:43
jabla
12
answered Nov 10 at 17:43
jabla
12
answered Nov 10 at 17:43
jabla
12
12
Hey Thanks for your thorough answer. Regarding the first section about manual checking through Kibana, I actually need a way to check through code. The latter suggestions through curl, what if there is more than one date field but I am using only one of them for index time field as only one is allowed?
– Talal
Nov 11 at 13:34
add a comment |
Hey Thanks for your thorough answer. Regarding the first section about manual checking through Kibana, I actually need a way to check through code. The latter suggestions through curl, what if there is more than one date field but I am using only one of them for index time field as only one is allowed?
– Talal
Nov 11 at 13:34
Hey Thanks for your thorough answer. Regarding the first section about manual checking through Kibana, I actually need a way to check through code. The latter suggestions through curl, what if there is more than one date field but I am using only one of them for index time field as only one is allowed?
– Talal
Nov 11 at 13:34
Hey Thanks for your thorough answer. Regarding the first section about manual checking through Kibana, I actually need a way to check through code. The latter suggestions through curl, what if there is more than one date field but I am using only one of them for index time field as only one is allowed?
– Talal
Nov 11 at 13:34
add a comment |
draft saved
draft discarded
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53241055%2fhow-to-identify-timefield-of-the-index%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
