My question is: "What does the @ mean in Elasticsearch documents?" @timestamp automatically gets created along with @version. Why is this, and what's the point?
Here is some context... I have a web app that writes logs to files. Then I have Logstash forward these logs to Elasticsearch. Finally, I use Kibana to visualize everything.
Here is an example of one of the documents in Elasticsearch:
{
  "_index": "logstash-2018.02.17",
  "_type": "doc",
  "_id": "0PknomEBajxXe2bTzwxm",
  "_version": 1,
  "_score": null,
  "_source": {
    "@timestamp": "2018-02-17T05:06:13.362Z",
    "source": "source",
    "@version": "1",
    "message": "message",
    "env": "development",
    "host": "127.0.0.1"
  },
  "fields": {
    "@timestamp": [
      "2018-02-17T05:06:13.362Z"
    ]
  },
  "sort": [
    1518843973362
  ]
}
@ fields are usually ones generated by Logstash as metadata, @timestamp being the time at which the event was processed by Logstash. Similarly, @version is also added by Logstash to denote the version number of the document.
Here is the reference.
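As an added example (not part of the question or the answer), this Python script takes the document from the question, separates Logstash's @-prefixed metadata from the application's own fields, and checks that both the `sort` value and the daily index name are derived from @timestamp; the sample hit is copied from the question, trimmed to the parts used here.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the Elasticsearch hit shown in the question (trimmed).
SAMPLE_HIT = json.loads("""
{
  "_index": "logstash-2018.02.17",
  "_id": "0PknomEBajxXe2bTzwxm",
  "_source": {
    "@timestamp": "2018-02-17T05:06:13.362Z",
    "source": "source",
    "@version": "1",
    "message": "message",
    "env": "development",
    "host": "127.0.0.1"
  },
  "sort": [1518843973362]
}
""")


def split_fields(source):
    """Separate Logstash-generated '@' metadata from the application's own log fields."""
    meta = {k: v for k, v in source.items() if k.startswith("@")}
    event = {k: v for k, v in source.items() if not k.startswith("@")}
    return meta, event


def timestamp_to_epoch_ms(ts):
    """Convert Logstash's ISO-8601 UTC @timestamp (trailing 'Z') to epoch milliseconds."""
    dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
    # Integer arithmetic avoids float rounding on the millisecond part.
    return int(dt.timestamp()) * 1000 + dt.microsecond // 1000


def check_hit(hit):
    """Summarise one hit: metadata vs event fields, plus consistency checks on @timestamp.

    @timestamp is when Logstash processed the event, not necessarily when the app wrote
    the log line, so it is the right field for ingestion timing but not for the app's own clock.
    """
    meta, event = split_fields(hit["_source"])
    processed_ms = timestamp_to_epoch_ms(meta["@timestamp"])
    day = datetime.fromtimestamp(processed_ms / 1000, tz=timezone.utc).strftime("%Y.%m.%d")
    return {
        "index": hit["_index"],
        "logstash_metadata": meta,
        "event_fields": event,
        "processed_epoch_ms": processed_ms,
        "sort_matches_timestamp": hit.get("sort", [None])[0] == processed_ms,
        "index_date_matches": hit["_index"].endswith(day),
    }


if __name__ == "__main__":
    print(json.dumps(check_hit(SAMPLE_HIT), indent=2))
```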