Tomasz Swider

Cool @alexolivan, the request and response are of type "text", and term aggregation can be done only on type "keyword" have a look at the EL documentation about it. '@timestamp'...

Hi @alexolivan, 1. I will need you to send me one example of a document from Es after that insert, question is, does it have the @timestamp field and what...

Hi @alexolivan sorry for the late response, last week was mental. if the only thing that you get from the inspect is the line that you pasted that means that...

But it looks like your problem is misconfigured dashboard. So your index is named: 'logstash-ciscoiosacl-2017.07.10' and I imagine that you have one of these per day, and the data updates...

Thanks @audrjon I will have a look on the weekend :)

Hi @mzamora717 thanks for letting me know, you are right it does not work, but you do not need it, you can have the same effect by setting a filter...

I could not agree more @mzamora717 :), So if you have time to fix it patches are welcome.