Can unix timestamp be used as field in date histogram?

komaln · July 9, 2012, 9:45am

Hi,

I am building a log analysis tool and want to create the timeline series
graph of the number of log entries logged.

I wish to use the date histogram feature for it. A query like:
"facets" : {
"histo1" : {
"date_histogram" : {
"field" : "field_name",
"interval" : "day"
}
}
}
would work just fine for me. I dont have any field in the "date" format, so
I was wondering if I can use the unix timestamp field I have indexed in my
elasticsearch for the same purpose. Its a date in different format.

I tried a couple of things myself, didnt work. Can you please suggest?

Thanks and Regards,
Komal.

fonzo14 · July 10, 2012, 6:54am

I guess you could try the "script" histogram facet :

"facets" : {
"histo1" : {
"histogram" : {
"key_script" : "doc['date'].date.minuteOfHour",
"value_script" : "doc['num1'].value",
}
}
}

I tried a couple of things myself, didnt work. Can you please suggest?

komaln · July 10, 2012, 9:18am

Hey,

I thought about using this but I dont have the "value" component. I want
the date histogram of the number of entries indexed using elasticsearch and
there is no "value" indicating it. Kindly correct me if I am wrong.

Thanks and Regards,
Komal.

On Tuesday, July 10, 2012 12:24:46 PM UTC+5:30, fonzo14 wrote:

I guess you could try the "script" histogram facet :
Elasticsearch Platform — Find real-time answers at scale | Elastic

"facets" : {
"histo1" : {
"histogram" : {
"key_script" : "doc['date'].date.minuteOfHour",
"value_script" : "doc['num1'].value",
}
}
}

I tried a couple of things myself, didnt work. Can you please suggest?

Colin_Dellow · July 10, 2012, 3:07pm

On Monday, 9 July 2012 05:45:50 UTC-4, Komal wrote:

Hi,

I am building a log analysis tool and want to create the timeline series
graph of the number of log entries logged.

I wish to use the date histogram feature for it. A query like:
"facets" : {
"histo1" : {
"date_histogram" : {
"field" : "field_name",
"interval" : "day"
}
}
}
would work just fine for me. I dont have any field in the "date" format,
so I was wondering if I can use the unix timestamp field I have indexed in
my elasticsearch for the same purpose. Its a date in different format.

I tried a couple of things myself, didnt work. Can you please suggest?

What exactly did you try? If you are indexing a timestamp with seconds
resolution rather than milliseconds resolution, look at the factor
parameter for date histogram. (See

).

komaln · July 11, 2012, 5:11am

Hey Colin,

Yes, I missed the "factor" part. Many thanks. Its working fine now :).

Thanks,
Komal.

On Tuesday, July 10, 2012 8:37:23 PM UTC+5:30, Colin Dellow wrote:

On Monday, 9 July 2012 05:45:50 UTC-4, Komal wrote:

Hi,

I am building a log analysis tool and want to create the timeline series
graph of the number of log entries logged.

I wish to use the date histogram feature for it. A query like:
"facets" : {
"histo1" : {
"date_histogram" : {
"field" : "field_name",
"interval" : "day"
}
}
}
would work just fine for me. I dont have any field in the "date" format,
so I was wondering if I can use the unix timestamp field I have indexed in
my elasticsearch for the same purpose. Its a date in different format.

I tried a couple of things myself, didnt work. Can you please suggest?

What exactly did you try? If you are indexing a timestamp with seconds
resolution rather than milliseconds resolution, look at the factor
parameter for date histogram. (See
Elasticsearch Platform — Find real-time answers at scale | Elastic
).