Currently, the only allowed field for time search is the @timestamp (p_timestamp), but I had issues while ingesting historical data, because I have a custom field called _ingested which refers to when the log actually happened, but the "timeframe" only respects the p_timestamp. Also, I cannot change the default time partition field from the UI.
Since currently the time field is @timestamp - which refers to when the log arrived - it's not suitable for our needs.
The _ingested refers to a date in the past, and p_timestamp refers to when the data was captured. The issue is that I am collecting historical data into Parseable, but I cannot query historically.
Can you help me?