Timestamp not appearing in Kibana

elasticsearch kibana kibana-4
HHHH picture HHHH · Apr 3, 2015 · Viewed 31.6k times · Source

I'm pretty new to Kibana and just set up an instance to look at some ElasticSearch data.

I have one index in Elastic Search, which has a few fields including _timestamp. When I go to the 'Discover' tab and look at my documents, each have the _timestamp field but with a yellow warning next to the field saying "No cached mapping for this field". As a result, I can't seem to sort/filter by time.

When I try and create a new index pattern and click on "Index contains time-based events", the 'Time-field name' dropdown doesn't contain anything.

Is there something else I need to do to get Kibana to recognise the _timestamp field?

I'm using Kibana 4.0.

Answer

Nick picture Nick · Apr 9, 2015

You'll need to take these quick steps first :

  1. Go to Settings → Advanced.
  2. Edit the metaFields and add "_timestamp". Hit save.
  3. Now go back to Settings → Indices and _timestamp will be available in the drop-down list for "Time-field name".

Kibana 4 Advanced Settings metaFields

Related questions

Elasticsearch is still initializing the kibana index

When I am trying to start Kibana I am facing the following issue. I first restarted my elasticsearch server it was running successfully. After starting Elasticsearch I tried to start Kibana but no luck. {"name":"Kibana","hostname":"ABCD","pid":3848,"level":30,"…

Read More
Kibana - How to display log as table

I'm testing Kibana 4 for a project. I have created an index from my database table which is composed by 3 fields: Date User Action I would like to display my index as a simple table (3 column, N rows) in my dashboard. …

Read More
Where does Elasticsearch store its data?

So I have this Elasticsearch installation, in insert data with logstash, visualize them with kibana. Everything in the conf file is commented, so it's using the default folders which are relative to the elastic search folder. 1/ I store data with …

Read More