I have an index that does not use the @timestamp for “field that represents the time the events occurred”.
Is there a way to flag that field for time?
When I check other Index Patterns, like logs-*, the @timestamp has a clock icon next to it.
This is one of my mappings
-X GET “localhost:9200/logstash-2021.10.07/_mapping?pretty”
“logstash-2021.10.07” : {
“mappings” : {
“properties” : {
“@timestamp” : {
“type” : “date”
},
“facility” : {
“type” : “text”,
“fields” : {
“keyword” : {
“type” : “keyword”,
“ignore_above” : 256
}
}
},
“host” : {
“type” : “text”,
“fields” : {
“keyword” : {
“type” : “keyword”,
“ignore_above” : 256
}
}
},
“message” : {
“type” : “text”,
“fields” : {
“keyword” : {
“type” : “keyword”,
“ignore_above” : 256
}
}
},
“severity” : {
“type” : “text”,
“fields” : {
“keyword” : {
“type” : “keyword”,
“ignore_above” : 256
}
}
},
“tag” : {
“type” : “text”,
“fields” : {
“keyword” : {
“type” : “keyword”,
“ignore_above” : 256
}
}
}
}
}
}
}