文档和时间戳存在,但 Kibana 未在 "Discover" 选项卡中显示任何结果
Documents and timestamp exists, but Kibana doesn't show any results in "Discover" tab
我的elasticsearch引擎中有几个文档:
在 Kibana 中,我成功创建了一个索引模式,包括建议的时间字段。
搜索最近 5 年的文档时 - 找不到任何内容。
如果我正在创建没有时间字段的索引模式 - 我可以看到所有文档。
每个_source内容都有文档。
我真的很绝望,有人可以帮忙吗?
已编辑
映射:
{ "settings" : { "number_of_shards" : 1 }, "mappings" : { "monitor" : { "properties" : { "ProcessName": { "type": "string", "index": "analyzed" }, "OpName": { "type": "string", "index": "analyzed" }, "Domain": { "type": "string", "index": "not_analyzed" }, "TraceType": { "type": "string", "index": "not_analyzed" }, "TraceDateTime": { "type": "date", "format": "yyyy-MM-dd HH:mm:ss" }, "ApplicationCode": { "type": "string", "index": "not_analyzed" }, "SrcMessageID": { "type": "string", "index": "not_analyzed" }, "ProcessID": { "type": "string", "index": "not_analyzed" }, "OpID": {"type": "string", "index": "not_analyzed" }, "OpParentID": { "type": "string", "index": "not_analyzed" }, "HostName": { "type": "string", "index": "not_analyzed"} } } } }
文档示例:
{
"_index": "monitors",
"_type": "monitor",
"_id": "AVPkvD3YnwEx8EXuppEN",
"_score": 1,
"_source": {
"ProcessName": "myapp",
"OpName": "myop",
"Domain": "mydomain",
"TraceType": "Info",
"TraceDateTime": "2016-04-05 07:44:15",
"ApplicationCode": "71",
"SrcMessageID": "35e291e9-10ad-47a2-8ce8-935cebc62b26",
"ProcessID": "a017afa9-c541-4424-bc63-c83a3d8830e0",
"OpID": "84267eed-38db-4d84-88c4-f46d148e494a",
"HostName": "myHost"
}
已编辑 2
{"index":[".kibana-devnull"],"ignore_unavailable":true}
{"size":500,"sort":[{"TraceDateTime":{"order":"desc","unmapped_type":"boolean"}}],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647},"query":{"filtered":{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":{"bool":{"must":[{"range":{"TraceDateTime":{"gte":1301984031628,"lte":1459836831628,"format":"epoch_millis"}}}],"must_not":[]}}}},"aggs":{"2":{"date_histogram":{"field":"TraceDateTime","interval":"1M","time_zone":"Asia/Jerusalem","min_doc_count":0,"extended_bounds":{"min":1301984031627,"max":1459836831627}}}},"fields":["*","_source"],"script_fields":{},"fielddata_fields":["TraceDateTime"]}
问题是我在格林威治标准时间 +03:00 发送日期时间,并且日期时间作为 UTC 时区存储在 elasticsearch 中。
在 Kibana 中,我成功创建了一个索引模式,包括建议的时间字段。
搜索最近 5 年的文档时 - 找不到任何内容。
如果我正在创建没有时间字段的索引模式 - 我可以看到所有文档。
每个
_source内容都有文档。
我真的很绝望,有人可以帮忙吗?
已编辑
映射:
{ "settings" : { "number_of_shards" : 1 }, "mappings" : { "monitor" : { "properties" : { "ProcessName": { "type": "string", "index": "analyzed" }, "OpName": { "type": "string", "index": "analyzed" }, "Domain": { "type": "string", "index": "not_analyzed" }, "TraceType": { "type": "string", "index": "not_analyzed" }, "TraceDateTime": { "type": "date", "format": "yyyy-MM-dd HH:mm:ss" }, "ApplicationCode": { "type": "string", "index": "not_analyzed" }, "SrcMessageID": { "type": "string", "index": "not_analyzed" }, "ProcessID": { "type": "string", "index": "not_analyzed" }, "OpID": {"type": "string", "index": "not_analyzed" }, "OpParentID": { "type": "string", "index": "not_analyzed" }, "HostName": { "type": "string", "index": "not_analyzed"} } } } }
文档示例:
{
"_index": "monitors",
"_type": "monitor",
"_id": "AVPkvD3YnwEx8EXuppEN",
"_score": 1,
"_source": {
"ProcessName": "myapp",
"OpName": "myop",
"Domain": "mydomain",
"TraceType": "Info",
"TraceDateTime": "2016-04-05 07:44:15",
"ApplicationCode": "71",
"SrcMessageID": "35e291e9-10ad-47a2-8ce8-935cebc62b26",
"ProcessID": "a017afa9-c541-4424-bc63-c83a3d8830e0",
"OpID": "84267eed-38db-4d84-88c4-f46d148e494a",
"HostName": "myHost"
}
已编辑 2
{"index":[".kibana-devnull"],"ignore_unavailable":true}
{"size":500,"sort":[{"TraceDateTime":{"order":"desc","unmapped_type":"boolean"}}],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647},"query":{"filtered":{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":{"bool":{"must":[{"range":{"TraceDateTime":{"gte":1301984031628,"lte":1459836831628,"format":"epoch_millis"}}}],"must_not":[]}}}},"aggs":{"2":{"date_histogram":{"field":"TraceDateTime","interval":"1M","time_zone":"Asia/Jerusalem","min_doc_count":0,"extended_bounds":{"min":1301984031627,"max":1459836831627}}}},"fields":["*","_source"],"script_fields":{},"fielddata_fields":["TraceDateTime"]}
问题是我在格林威治标准时间 +03:00 发送日期时间,并且日期时间作为 UTC 时区存储在 elasticsearch 中。