Hia,
As per title I'm stuck with a painless timezone Q:
Customer, WebUI, tz UTC+5
The WebUI issues a query and converts query to UTC
Elastic processes in UTC and then aggs by hour and by minute
"aggs": {
"time": {
"terms": {
"script": {
"source": "doc['@timestamp'].value.getDayOfMonth()"
}
},
"aggs": {
"time": {
"terms": {
"script": {
"source": "doc['@timestamp'].value.getHour()"
}
}
}
}
}
},
The results accurately group into buckets
"aggregations" : {
"time" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "10",
"doc_count" : 484318,
"time" : {
"doc_count_error_upper_bound" : 0,
"sum_other_doc_count" : 0,
"buckets" : [
{
"key" : "17",
But the reply to the WebUI is now in UTC. Converting from key:10 and key:17 is possible in JS, but fiddly (as it could be getDay() + getHour().... or getHour() + getMinute().
I suspect the cleanest way to do this is a tz modifier before the getHour() is issued. I've spent a few hours looking at Java/Painless but I'm struggling, every example I can find is fundamentally different, or I can't work out the alternative.
I guess the code would look something like:
"source": "doc['@timestamp'].setTimeZone('America/Argentina/Buenos_Aires').value.getHour()"
Any input much appreciated!
Thanks
Andy