Sorting by @timestamp does not work #1298
Comments
|
Can you show us your mappings? I'm unable to replicate this issue |
{
"log" : {
"mappings" : {
"message" : {
"properties" : {
"@timestamp" : {
"type" : "date",
"format" : "dateOptionalTime"
},
"@version" : {
"type" : "string"
},
"host" : {
"type" : "string"
},
"logsource" : {
"type" : "string"
},
"message" : {
"type" : "string"
},
"path" : {
"type" : "string"
},
"pid" : {
"type" : "string"
},
"program" : {
"type" : "string"
},
"tags" : {
"type" : "string"
},
"timestamp" : {
"type" : "string"
},
"type" : {
"type" : "string"
}
}
}
}
},
"kibana-int" : {
"mappings" : {
"dashboard" : {
"properties" : {
"dashboard" : {
"type" : "string"
},
"group" : {
"type" : "string"
},
"title" : {
"type" : "string"
},
"user" : {
"type" : "string"
}
}
}
}
}
} |
|
I'm having the same issue. I'm using fluentd to send data into elasticsearch. It looks like fluentd using the logstash format puts quotes around the timestamp data when sending it into elasticsearch. One thing that confuses me about Kibana though, is that the data is displayed properly in a histogram (e.g. temperature over time), but when the data is in a table, I can't sort it (like pwaller) |
|
Here's my mapping: logstash-2014.06.19: { |
|
I'm thinking this is definitely a Kibana issue. When I run the query I get from inspecting the Kibana table element against ElasticSearch directly, I get all my entries returned and sorted in proper order (by timestamp). But when viewed through Kibana I get the same behaviour as pwaller. Direct from ElasticSearch In Kibana: |
|
I'm new to Kibana, using 3.1.0 and I was having apparently the same problem described here. Timestamps would be partially sorted or would appear seemingly in random order. It appears that I was able to resolve the issue by going to my Dashboard Settings / Index tab and changing the value of "Timestamping" from "none" to "day". |
|
That worked for me too. Thanks 4levity! |
|
What effect does changing this setting have and why does it fix the issue? |
|
Not sure why this fixes it, but in my case it does. I'm guessing that it has something to do with Kibana being better able to understand the naming format of the indices that are created by logstash as this setting appears to specify what the Index pattern is that is used when logstash is sending to elasticsearch. Not sure why that helps sorting a few messages that are all contained within the same elasticsearch index, but it does.
|
|
I have the same problem,I use kibana 3.1, does this issue has been fixed in 3.1? |
|
I'm not sure. I can confirm though that this happens to me with any new dashboard I create and I have to set the timestamping as noted above or I can't sort on timestamp properly. |
|
Same problem here. I have Kibana 3.1.0 and 3.0.1 installed in parallel. In 3.1.0 the sort order goes wrong with @timestamp field which is of "type" : "date" but in 3.0.1 it is ok. |
|
I was not able to replicate this, however we've completely rewritten the sort logic in Kibana 4 and sorting on timestamp seems to work great. |
Here is the sort by
@timestampin both directions. In both cases, it shows ascending in time. The only thing I changed between these two images is to click the timestamp sort order icon.The intended behaviour is that I want to see the most recent events last, and neither shows this.
/cc @drj11
It seems similar to #815 which was closed: the resolution was "use @timestamp" (which I do here), and #1191, which seems to be a question rather than a bug.
The text was updated successfully, but these errors were encountered: