How to connect Elasticsearch datasource?

seikyo-cho-lvgs · May 28, 2024, 5:54am

I installed Elasticsearch via

helm repo add bitnami  
helm repo update
kubectl create ns elk
helm upgrade --install elasticsearch --namespace=elk --set master.replicaCount=3,ingest.enabled=false,data.replicaCount=4,master.masterOnly=false,coordinating.replicaCount=0 bitnami/elasticsearch
kubectl port-forward --namespace elk svc/elasticsearch 9200:9200

I added elasticsearch datasource

In the setting page

When I click Save & test button, got this error:

No date field named @timestamp found

Elasticsearch version is 8.13.4
Grafana version is 10.4.1

I have created an index:

curl -X PUT "localhost:9200/my-index-000001?pretty"
{
  "acknowledged" : true,
  "shards_acknowledged" : true,
  "index" : "my-index-000001"
}

curl -X GET "localhost:9200/my-index-000001?pretty"
{
  "my-index-000001" : {
    "aliases" : { },
    "mappings" : { },
    "settings" : {
      "index" : {
        "routing" : {
          "allocation" : {
            "include" : {
              "_tier_preference" : "data_content"
            }
          }
        },
        "number_of_shards" : "1",
        "provided_name" : "my-index-000001",
        "creation_date" : "1716873504498",
        "number_of_replicas" : "1",
        "uuid" : "RRhNy9ZzSwCWk1_2NOCfbw",
        "version" : {
          "created" : "8503000"
        }
      }
    }
  }
}

How to use correctly?

seikyo-cho-lvgs · June 3, 2024, 1:19am

Check mapping

curl -X GET "localhost:9200/_mapping?pretty"

Add @timestamp to index

curl -X POST "localhost:9200/my-index-000001/_doc" -H 'Content-Type: application/json' -d'
{
  "@timestamp": "2024-06-03T12:00:00Z",
  "message": "Sample log message"
}
'

Create a template

curl -X PUT "localhost:9200/_template/my_template" -H 'Content-Type: application/json' -d'
{
  "index_patterns": ["my-index*"],
  "mappings": {
    "properties": {
      "@timestamp": {
        "type": "date"
      }
    }
  }
}
'

Reindexing existing data

curl -X POST "localhost:9200/_reindex" -H 'Content-Type: application/json' -d'
{
  "source": {
    "index": "old_index"
  },
  "dest": {
    "index": "new_index"
  },
  "script": {
    "source": "ctx._source[\"@timestamp\"] = ctx._source.remove(\"timestamp_field\")"
  }
}
'

Topic		Replies	Views
Cannot add source b/c No date field named @timestamp found Elasticsearch	1	5746	December 10, 2018
Cannot add ES datasource Elasticsearch	8	6202	April 10, 2021
No date field named @timestamp found - new issue Elasticsearch datasource	0	953	July 3, 2023
Not able to add elasticsearch datasource Elasticsearch	2	710	April 24, 2018
No date field named @timestamp or timestamp found using graylog - elasticsearch Elasticsearch	5	10332	June 5, 2023

How to connect Elasticsearch datasource?

Related topics