The @timestamp field, created by Logstash by default, has always worked 
perfectly out-of-the-box with Kibana's time picker and also with curator. 
Perhaps if you posted one document from your Elasticsearch response it 
might help.

But I don't recommend that you create your own fields with @ as a prefix 
character. Straying a bit from your question, I created some R scripts to 
analyze and plot things in a way that neither Kibana nor Splunk can. What 
I've noticed is that when I export as CSV, either from Elasticsearch or 
from Splunk, and then import into R's CSV reader:

1. Elasticsearch's @timestamp field becomes the X.timestamp field in R.

2. Splunk's _time field becomes the X_time field in R.

Which is one very good reason not to add a @ or _ to the front of your own 
fields. It's a lot of extra hard-coded processing to figure out the source 
and then choose the field using R when it's not the same name as the field 
from Elasticsearch.

But I digress.

Brian

On Wednesday, October 29, 2014 1:20:10 PM UTC-4, Iván Fernández Perea wrote:
>
> I was using Kibana and wondering what the differences are between using 
> or not using an @ sign before field names. It seems that the default (as in 
> timepicker in the dashboard settings) is using the @ before a field but it 
> doesn't seem to work in my case. I need to set the Time Field in the 
> Timepicker with a field name and no @ before it to make it work.
>
> Thank you,
> Iván.
>
