Hello, I have tried to get the datasource to connect with my Elasticsearch with no luck. I don’t see any data and get an error “No date field named timestamp found”. When I look at the indexes being pulled by pfSense I see “timestamps”. But when I put that variable in the settings, or any other possible variation it could be, no luck. Can anyone help me please?
Running software versions:
Elasticsearch Version - 7.14.1
Grafana - 8.1.4
Graylog - 4.1.5+01c9198
Hi,
Please check the JSON data using Kibana and make sure the @timestamp field exists.
Secondly, just put no pattern in the pattern, on the right side of the index name in the Elasticsearch datasource.
Regards,
Fadjar Tandabawana
Hey, thank you for the response. Which JSON file should I check and where can I find it?
Using Kibana, find Discover, then select the index that concerns you, then check the data within a timeframe, let's say 1 hour.
You can see the field @timestamp…
For the Grafana Elasticsearch datasource, just choose no pattern in the pattern box.
Regards,
Fadjar Tandabawana
Thanks for pointing me in the correct direction. I changed the pattern to “No Pattern”.
Also, my index name was “PFsense_”; I changed it to “pfsense_”. The lowercase index name is what threw it off and the pattern.
Thank You
Just to complement, I had this problem when I parsed below:
Wazuh-Indexer → Graylog → Parse Json - Wazuh-Graylog-indexer-parsed → Grafana.
I noticed that in the part of the JSON parse done by Graylog, the correct field it generated was data_win_system_systemTimestamp. After changing this field within Elasticsearch in Grafana, it worked perfectly.
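An added example, not part of any post in this thread: a small check that takes the JSON returned by `GET /<index>/_mapping` and reports which fields are actually date-typed, so the Grafana time field and index name can be matched against them. The sample mapping, the `winlog.system_time` field and the function names are constructed for illustration.

```python
# Constructed sample of a GET /pfsense_0/_mapping response (Elasticsearch 7.x shape).
SAMPLE_MAPPING = {"pfsense_0": {"mappings": {"properties": {
    "timestamp": {"type": "date"},
    "message": {"type": "text"},
    "winlog": {"properties": {"system_time": {"type": "date"}}},
}}}}


def date_fields(mapping_response):
    """Return {index: [dotted paths of fields whose type is date or date_nanos]}."""
    def walk(props, prefix=""):
        found = []
        for name, spec in props.items():
            path = prefix + name
            if spec.get("type") in ("date", "date_nanos"):
                found.append(path)
            # Object fields nest their children under "properties".
            found.extend(walk(spec.get("properties", {}), path + "."))
        return found

    return {
        index: sorted(walk(body.get("mappings", {}).get("properties", {})))
        for index, body in mapping_response.items()
    }


def check_datasource(index_name, time_field, mapping_response):
    """List reasons the datasource settings would not match the index."""
    problems = []
    # Elasticsearch index names are always lowercase.
    if index_name != index_name.lower():
        problems.append(f"index name {index_name!r} is not lowercase")
    for index, fields in date_fields(mapping_response).items():
        if time_field not in fields:
            problems.append(
                f"{index}: no date field named {time_field!r}; date fields are {fields}"
            )
    return problems


if __name__ == "__main__":
    for line in check_datasource("PFsense_*", "@timestamp", SAMPLE_MAPPING):
        print(line)
```
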