Combining date and time fields in csv

I have a csv file that I'm looking to import into Kibana.
There is a date field and a time field. I would like to combine them to be used as a timestamp, so that I can then search for specific time ranges.
However, the import treats these as string fields.
At the time of import, I tried overriding this, but it doesn't seem to work.

Any suggestions, please? Thank you

Once you upload the CSV, there is an option to override the date format, as well as select a time field:

You said it didn't work - what exactly didn't work?

To create a new field from 2 separate field values, I suggest you have a look at runtime fields.

Hi @majagrubic, Thanks for your response.
Yes, I did try the same operation that you suggest, but after the index is created, the type of the field still stays at Keyword, rather than Date.

I now found a way to manually edit the type in the "Advanced" section before importing, wherein I can specify it as "date".

For combining the 2 fields, you suggest using runtime fields. Is there a way to do it as an indexed field, so that it will perform search queries faster?

Also, the time in the csv is in my local timezone. For example, the time is "09:15:00", without any offset or any timezone specifier.
When I import it, Kibana treats it as UTC. Is it possible to edit the mapping/configuration so that Kibana will import this as a time in my timezone, without modifying all the records in the csv?

Thanks again.

You can index a runtime field.

Elasticsearch stores the date in UTC internally, and I don't think that can change.
Check this: https://www.elastic.co/guide/en/elasticsearch/reference/current/date.html

Kibana will use your local timezone to display those UTC dates. You can change the display timezone in the Advanced Settings.

Thanks again.
When trying to create an index-time mapping for the combined field, the script throws a compile error if I try to make the result of type 'date'. It works when the result is of type 'keyword'.
I'm looking to combine the 'date' and 'time', both of which are of type 'date', and get a combined field of type 'date'. Can this be done with scripts?

Thanks.

Sorry for the late reply. I am not sure of your exact use-case, but yes, that should be possible.
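
One way to get an indexed `date` field that also honours the local timezone is an ingest pipeline. The following is an added example, not part of the original thread. The column names `date` and `time` come from the question; the `yyyy-MM-dd` date format, the `Europe/Berlin` zone and the `tmp_datetime` helper field are assumptions to be replaced with the real values, and the processors are assumed to run after the CSV has been split into fields.

```json
{
  "description": "Added example: build @timestamp from the CSV 'date' and 'time' columns",
  "processors": [
    {
      "set": {
        "description": "Join the two string columns into one temporary field (hypothetical name)",
        "field": "tmp_datetime",
        "value": "{{{date}}} {{{time}}}"
      }
    },
    {
      "date": {
        "description": "Format and timezone are assumptions; adjust both to match the CSV",
        "field": "tmp_datetime",
        "formats": ["yyyy-MM-dd HH:mm:ss"],
        "timezone": "Europe/Berlin",
        "target_field": "@timestamp",
        "on_failure": [
          {
            "set": {
              "description": "Keep rows that fail to parse and record why",
              "field": "error.message",
              "value": "{{{_ingest.on_failure_message}}}"
            }
          }
        ]
      }
    },
    {
      "remove": {
        "description": "Drop the temporary field once @timestamp is set",
        "field": "tmp_datetime",
        "ignore_missing": true
      }
    }
  ]
}
```

The `timezone` option tells the `date` processor how to read values that carry no offset, so "09:15:00" is parsed as local time and then stored as the matching UTC instant. The index mapping should declare `@timestamp` as type `date`.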
