We have a processing facility here that runs an afternoon and night shift. When viewing the daily performance, we look at values from 5am (day 0) to 5am (day 1). Is there a way I can enable this in Kibana and more importantly change my 30-day (daily) chart to show daily values (but from 5am to 5am)??
Help please...
That's a very interesting use case and I'm not aware of a "nice" solution for it. You can create a feature request in the Kibana Githup repository to give the issue more visibility.
When doing a date histogram aggregation, Elasticsearch is using the current time zone to make "nice" buckets, e.g. if you are using the UTC time zone it will create daily buckets from midnight to midnight in UTC. By changing the time zone in the request, you can alter the bucket placement of Elasticsearch. Is is possible to set the time zone in Kibana, however this will also affect date formatting, so hours would not show up correctly and the 5am of your time zone would show up as 0am in Kibana. You could treat that as 0am of the "working day", but I see that could get confusing. For use cases like yours it would make sense to add an option to use another time zone for the requests than for the date formatting, however that's not possible at the moment.
TLDR: That's not possible currently. As a workaround you could change the time zone setting in Kibana to the one 5 hours from the actual time zone of the processing facility - that has the downside that hours won't show the actual wall clock time anymore, but at least the buckets will be placed right.
@flash1293 is this alternative below possible....
@ timestamp value
5:00am < to return > Hour 1
6:00am < to return > Hour 2
7:00am < to return > Hour 3
8:00am < to return > Hour 4
and so on....
then I may be able to display this using the new field on the x-axis...
Thoughts?? If possible, I would need to know the script (I'm not a coding genius like many on this forum...)
That's a good idea, to create your 30-day chart you can use a scripted field likes this:
This should map the events to the right "work day" if you are using a daily date histogram. If you use corrected_day as the date field for the histogram, Elasticsearch will bucket the "corrected" days and put everything from 5am to 5am in one bucket.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
