Aggregate on timestamp part

Hello,

I would like to make graphs on a specific part of @timestamp field.
Say, we want an average per hour over a certain period of time.

Is it possible to do that easily in Kibana?
Do we need a script field? If yes, how?

Is it necessary to preprocess this date field splitting in logstash to make it possible?

Thanks
Bruno Lavoie

Just set the time buckets to hourly in the agg. But that won't work over (e.g.) years of data as the granularity is too small.

Oh, maybe I wasn't clear enough...

I want a bucket/aggregation by time part (day of week, hour).
So, if I select last year with an aggregation on the hour part of @timestamp, I will have 24 buckets (one for each hour).

The only way that I've found is to add a scripted field in kibana:

doc['@timestamp'].getHourOfDay()

But I have questions regarding performance of this and where is it executed: in kibana or ES?
And, big drawback of this solution is that it's not timezone aware: extracted values are in UTC. Any way to convert it back to the client TZ?

Thanks
Bruno Lavoie

So you want a bucket of 0000-0100 for all days in the year?

Hmm, the buckets would be:

  • 00h00
  • 01h00
  • ...
  • 23h00

This can be for the year or the last month, or whatever the user selects as the time range in Kibana.

Thanks
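The following is an added example, not code posted in this thread. It shows the hour-of-day bucketing the thread asks for (24 buckets, 00h00 to 23h00, over whatever time range is selected) done as a terms aggregation on a Painless script rather than a Kibana scripted field. Two things the thread raises are addressed: the script runs on the Elasticsearch data nodes, not in Kibana, since Kibana only forwards the request body; and the time zone is passed as a script parameter and applied with ZoneId, so the extracted hour is in the client's zone and follows DST instead of being fixed to UTC. The assumptions are: Elasticsearch 7.x or 8.x Painless, where doc['@timestamp'].value supports withZoneSameInstant and getHour (the Groovy-era syntax in the thread differs); the helper names hour_of_day_agg and hour_of_day_counts and the sample timestamps are the example's own, constructed for illustration. hour_of_day_counts is a plain-Python reference implementation of the same bucketing, useful for checking what the aggregation should return on a known data set.

```python
"""Hour-of-day bucketing of @timestamp, timezone aware.

Added example, not from the thread. Assumes Elasticsearch 7.x/8.x Painless,
where doc['@timestamp'].value behaves like a java.time.ZonedDateTime.
Requires Python 3.9+ (zoneinfo).
"""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone, tzinfo
from zoneinfo import ZoneInfo


def hour_of_day_agg(tz_name: str, field: str = "@timestamp") -> dict:
    """Return the Elasticsearch request body for a terms aggregation keyed
    on the hour of day of `field`, evaluated in the IANA zone `tz_name`.

    The zone is passed as a script param so the script source stays
    constant and Elasticsearch can reuse the compiled script across
    clients in different zones. The script executes on the data nodes.
    """
    return {
        "size": 0,
        "aggs": {
            "hour_of_day": {
                "terms": {
                    "script": {
                        "lang": "painless",
                        "source": (
                            "doc['" + field + "'].value"
                            ".withZoneSameInstant(ZoneId.of(params.tz))"
                            ".getHour()"
                        ),
                        "params": {"tz": tz_name},
                    },
                    # at most 24 distinct keys, one per hour of the day
                    "size": 24,
                    "order": {"_key": "asc"},
                }
            }
        },
    }


def hour_of_day_counts(timestamps, tz: tzinfo) -> dict:
    """Reference implementation of the same bucketing in Python.

    `timestamps` are ISO-8601 UTC strings, which is what @timestamp holds
    on the wire. Each instant is converted to `tz` before its hour is
    taken, exactly as the Painless script does with withZoneSameInstant.
    Returns {hour: count} sorted by hour.
    """
    counts = Counter()
    for ts in timestamps:
        # Python < 3.11 does not accept a trailing "Z" in fromisoformat
        utc = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        counts[utc.astimezone(tz).hour] += 1
    return dict(sorted(counts.items()))


# Constructed sample: same UTC wall-clock time in January (EST, UTC-5)
# and in July (EDT, UTC-4), plus one midday event, to show DST matters.
SAMPLE_TIMESTAMPS = [
    "2015-01-15T03:30:00Z",
    "2015-07-15T03:30:00Z",
    "2015-07-15T12:00:00Z",
]

if __name__ == "__main__":
    print(json.dumps(hour_of_day_agg("America/Montreal"), indent=2))
    print("UTC buckets     :", hour_of_day_counts(SAMPLE_TIMESTAMPS, timezone.utc))
    print("Montreal buckets:",
          hour_of_day_counts(SAMPLE_TIMESTAMPS, ZoneInfo("America/Montreal")))
```

Run as a script it prints the request body to send to Elasticsearch (via Dev Tools or the `_search` API) and the buckets the aggregation should produce for the sample events: in UTC the two 03:30Z events land in bucket 3, while in America/Montreal they land in 22 (January, EST) and 23 (July, EDT), which is the difference a fixed UTC offset would miss.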