时间戳数据未在kibana中显示
[英]Timestamp data not displayed in kibana
问题描述
I am sending syslog data to logstash, which applies some filtering and sends the data to elasticsearch. 
我正在将syslog数据发送到logstash,logstash将应用一些过滤并将数据发送到elasticsearch。 Even though I can see the data in elasticsearch, it is not being displayed in kibana. 即使我可以在elasticsearch中看到数据,也不会在kibana中显示它。
When creating the index, if I set the Time Filter ( @timestamp ) the data is not visible. 创建索引时,如果设置Time Filter ( @timestamp ),则数据不可见。 When using no Time Filter , the data is displayed perfectly. 不使用Time Filter ,数据将完美显示。 The mappings for the index look like this: 索引的映射如下所示:
{
"mapping": {
"doc": {
"properties": {
"@timestamp": {
"type": "date"
},
"facility": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"facility_full": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"facility_mnemonic": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"host": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"log_date": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"log_sequence": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"message": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"severity_level": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"tags": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
"type": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
}
}
}
}
}
So @timestamp is of type date - the same as all my other indices. 所以@timestamp的类型是@timestamp与我所有其他索引相同。 What am I doing wrong? 我究竟做错了什么?
Elasticstack v6.4.0 Elasticstack v6.4.0
2 个解决方案
解决方案1
0 2018-09-09 18:53:35
I cannot post a comment, so writing this as an answer here. 我无法发表评论,因此请在此处写下答案。
Please check with time filter for a bigger time range on your kibana(such as today or this month). 请使用时间过滤器检查您的假名上是否有较大的时间范围(例如今天或本月)。
I see an issue with the timezone of the timestamp field(I could not see it in the mapping). 我看到timestamp字段的时区有问题(我在映射中看不到)。 Also, kibana works on UTC timezone by default. 另外,kibana默认情况下在UTC时区工作。 So, it will display data according to UTC (on your timestamp field). 因此,它将根据UTC显示数据(在您的时间戳字段上)。
解决方案2
0 2018-09-11 14:19:24
Do you have an index pattern set up in Kibana defining this field as the date stamp? 您是否在Kibana中设置了索引模式,将该字段定义为日期戳? Without the index pattern the time selector on the dashboard will not do anything. 没有索引模式,仪表板上的时间选择器将无法执行任何操作。 See https://www.elastic.co/guide/en/kibana/current/tutorial-define-index.html 参见https://www.elastic.co/guide/zh/kibana/current/tutorial-define-index.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.