You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flume.apache.org by "Edward Sargisson (JIRA)" <ji...@apache.org> on 2013/01/03 22:18:12 UTC
[jira] [Commented] (FLUME-1782) Elastic Search sink does not use
UTC to determine the correct index to write to.
[ https://issues.apache.org/jira/browse/FLUME-1782?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13543292#comment-13543292 ]
Edward Sargisson commented on FLUME-1782:
-----------------------------------------
Hi Brock,
Sorry for the delay in replying - I've had some family issues taking my attention.
*If* the data doesn't have a timestamp then there's little point writing it to ElasticSearch as Kibana will not be able to query it from ElasticSearch. Kibana's querying expects there to be a timestamp.
It's for this reason that it will warn you if it's not there.
If you want I can make it only log once but I'm not sure if that's useful.
> Elastic Search sink does not use UTC to determine the correct index to write to.
> --------------------------------------------------------------------------------
>
> Key: FLUME-1782
> URL: https://issues.apache.org/jira/browse/FLUME-1782
> Project: Flume
> Issue Type: Bug
> Components: Sinks+Sources
> Reporter: Edward Sargisson
> Fix For: v1.4.0
>
> Attachments: flume-1782.patch
>
>
> The GUI for logs in ElasticSearch, Kibana, uses the utc date to determine which index to read for a search. The Flume ElasticSearch sink is using the local timezone to determine which index to write to. This means that events are being placed in the incorrect index and Kibana doesn't always find them.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira