Can unix timestamp be used as field in date histogram?

Hi,

I am building a log analysis tool and want to create the timeline series
graph of the number of log entries logged.

I wish to use the date histogram feature for it. A query like:
"facets" : {
    "histo1" : {
        "date_histogram" : {
            "field" : "field_name",
            "interval" : "day"
        }
    }
}
would work just fine for me. I don't have any field in the "date" format, so
I was wondering if I can use the unix timestamp field I have indexed in my
elasticsearch for the same purpose. It's a date in a different format.

I tried a couple of things myself, didn't work. Can you please suggest?

Thanks and Regards,
Komal.

I guess you could try the "script" histogram facet:

"facets" : {
    "histo1" : {
        "histogram" : {
            "key_script" : "doc['date'].date.minuteOfHour",
            "value_script" : "doc['num1'].value"
        }
    }
}

Hey,

I thought about using this but I don't have the "value" component. I want
the date histogram of the number of entries indexed using elasticsearch and
there is no "value" indicating it. Kindly correct me if I am wrong.

Thanks and Regards,
Komal.

(In reply to fonzo14's message of Tuesday, July 10, 2012 12:24:46 PM UTC+5:30, which quoted Komal's original post of Monday, 9 July 2012 05:45:50 UTC-4.)

What exactly did you try? If you are indexing a timestamp with seconds
resolution rather than milliseconds resolution, look at the factor
parameter for date histogram. (See

).

Hey Colin,

Yes, I missed the "factor" part. Many thanks. It's working fine now :).

Thanks,
Komal.

(In reply to Colin Dellow's message of Tuesday, July 10, 2012 8:37:23 PM UTC+5:30, which quoted Komal's original post of Monday, 9 July 2012 05:45:50 UTC-4.)
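
What the factor parameter changes for a seconds-resolution timestamp, as an added example that is not part of the original thread and is not Elasticsearch code: a plain-Python model of day bucketing (the scale, round, scale-back step is an assumption about how the facet applies the factor), using a placeholder field name `timestamp` and constructed sample timestamps. Read as milliseconds, all five entries collapse into one day in January 1970; with a factor of 1000 they land on their real days.

```python
from collections import Counter
from datetime import datetime, timezone

DAY_MS = 86_400_000  # "interval": "day" in milliseconds

# Facet from the thread with "factor" added. "timestamp" is a placeholder
# field name holding epoch seconds.
FACET = {"facets": {"histo1": {"date_histogram": {
    "field": "timestamp", "interval": "day", "factor": 1000}}}}

# Constructed sample: epoch-second timestamps of five log entries (UTC).
SAMPLE = [
    1341795600,  # 2012-07-09 01:00:00
    1341835200,  # 2012-07-09 12:00:00
    1341878460,  # 2012-07-10 00:01:00
    1341958400,  # 2012-07-10 22:13:20
    1341964805,  # 2012-07-11 00:00:05
]


def day_buckets(values, factor=1):
    """Count entries per day: scale to ms, round down, scale the key back."""
    counts = Counter()
    for v in values:
        ms = v * factor
        counts[(ms - ms % DAY_MS) // factor] += 1
    return dict(sorted(counts.items()))


def label(key, factor=1):
    """Render a bucket key as a UTC date, reading it as ms after scaling."""
    seconds = key * factor / 1000
    return datetime.fromtimestamp(seconds, tz=timezone.utc).strftime("%Y-%m-%d")


if __name__ == "__main__":
    for factor in (1, FACET["facets"]["histo1"]["date_histogram"]["factor"]):
        print("factor", factor)
        for key, count in day_buckets(SAMPLE, factor).items():
            print(" ", label(key, factor), key, count)
```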