I have logs with time ticks which I import as timestamp as seconds since epoch using
date {
match => [ "tick", "UNIX" ]
}
And get correct values in @timestamp. Now:
I'd like to be able to use only seconds since epoch in Kibana (in date range selection, displayed as @timestamp and all other things). Is it possible?
Currently (as a workaround) I put on x axis histogram of 'tick' and it kind of works. Problem is that not whole tick range is displayed ( and it makes comparison of few visualizations difficult):
How to make displayed x axis consistent with search range (show empty buckets doesn't work)?
Hmm. The best way to accomplish this is probably to set up your index pattern so that it isn't time-based, then use either the query bar (as you've done above) or just click "add a filter" and select your date and enter the time in ticks.
Ok, and what about question 2? Is it possible to get buckets adjusted to query range? I have several visualizations on my dashboard and all start/end on different values (empty buckets at the beginning of the query range are not displayed), how can I make the x axis consistent ?
The range is most likely based on the time range you've selected in the top right corner. By making an index pattern non-time-based, the range of the visualization should be limited to the data bounds themselves.
Time range is set from the beginning (tick 0). When I make index pattern non-time-based, results are the same. To clarify: the problem is that when I set a tick range [0 TO 12500] my visualization starts from tick 200 (where the first data is) and empty buckets from tick 0 to tick 200 are not displayed
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
