No date field named @timestamp found - elasticsearch

Grafana Elasticsearch
,
1

I’m new to Grafana and I’ve encountered a problem while trying to create my first Elasticsearch data source. This is the issue I’ve encountered

Screenshot%20from%202019-06-07%2015-11-17
Screenshot%20from%202019-06-07%2015-11-17621×748 38.3 KB

I’ve looked it up and it seems that most people get it by making faulty indexes or having mismatching version while upgrading, but I’ve made an index over filebeat which simply maps my local Ubuntu logs. I can see the data and the index on Kibana and everything seems fine to me. If anyone can see something that I’m missing, I would be grateful.

Here are some my indexes that should be insightful:

Screenshot%20from%202019-06-07%2015-21-21
Screenshot%20from%202019-06-07%2015-21-211157×98 22.7 KB

I would put a picture of my properties for the index too, but I’m not allowed as a new user. Although I can see that timestamp is a field in my index:

“properties” : {
@timestamp” : {
“type” : “date”
},

Hopefully, someone can help. If you need more info please let me know. Thanks.

2

Looks like you’re using Eleasticsearch v7 and support for that is included starting with Grafana v6.2, see release notes. You should also configure the datasource to use version 7.0+ in Grafana.

2 Likes
3

thanks, this worked well.

4

Hey i was not able to fix this issue can you help me the steps that made you to resolve this issue?

5

You must to provide more info about your problem :wink:

6

Step1: I have created the Metricbeat service.
Step2: I have installed the elasticsearch
Step3: I created the dashboard, but data is not coming into it…

http://localhost:9200/metricbeat-7.4.2-2019.11.06-000001
i am using this link and output is showing like

Caused by: org.apache.lucene.queryparser.classic.ParseException: Cannot parse ‘metricset.module:system AND metricset.name:core AND beat.hostname:’: Encountered “” at line 1, column 67.

7

According to query parser, it is invalid. Which is your complete query?

8

metricset.module:system AND metricset.name:cpu AND beat.hostname:$Host

This is the one i am using it…

9

And $Host variable has a value? because, according to the error it seems empty.

10

Seems that’s where i am facing a problem… i thought that yml will pickup that hostname as $host but now i am bit not sure where to configure and also if i just replace it with localhost its not working

11

I found out that Host variable name defined was not correct i changed it to correct variable… but still i am not getting the data in dashboard… but i am able see the hostname which is from elastic search…

12

I am facing the same issue.
I am using Grafana 7.0.0 and ElasticSearch 7.4 (on AWS).

1 Like
13

I had the same issue. I was using the Elasticsearch monitoring dashboard in Grafana, and I had set my datasource up to use @timestamp as the timeField.

However, @timestamp isn’t a stored field in the monitoring mapping, so you can’t query by it on elasticsearch. Instead change it to be timestamp, which does get stored and indexed. It all worked for me after that.

14

Hi @mefraimsson ,
I am facing the same problem with my grafana. I am using the version 7.0+ in grafana and there is a @timestamp in my index.
Here the part of the config file:

filter {
  csv {
      separator => ";"
	  columns => ["date", "time", "tenant", "message", "responsetime"]
      skip_header => "false"
	skip_empty_columns => true
 }
  mutate {
 add_field => {
	"timestamp" => "%{date},%{time}"
	}
 }
 date {
match => [ "timestamp", "dd.MM.yyyy','HH:mm" ]
target => "@timestamp"
}

and a log from Kibana:
image

15

A little bit late, I was facing the same problem with my index named exceptions-* changed to [exceptions-]*
image