Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Elasticsearch analyzer does not work with index that has no @timestamp field #1290

Open
gaistou opened this issue Oct 25, 2024 · 0 comments
Open

[Bug] Elasticsearch analyzer does not work with index that has no @timestamp field #1290

gaistou opened this issue Oct 25, 2024 · 0 comments

Comments

@gaistou
Copy link

gaistou commented Oct 25, 2024

Describe the bug

Elasticsearch analyzer does not work with Elastic indices that do not have a @timestamp field.

To Reproduce

  • create an Elastic index without @timestamp field
  • add the index in the list of indices searched by the analyzer
  • run the analyzer
  • you get no result and an error about sorting on @timestamp

Expected behavior

Elasticsearch analyzer should be able to match on indices that have no @timestamp fields.

Complementary information

The analyzer tries to sort by @timestamp. When there is no@timestamp field this sort fails and generates an error.

Work environment

  • Cortex Analyzer/Responder name: ElasticSearch
  • Cortex Analyzer/Responder version:1.0
@gaistou gaistou changed the title [Bug] Elasticsearch analyzer does not work with index that have no @timestamp field [Bug] Elasticsearch analyzer does not work with index that has no @timestamp field Oct 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gaistou