Date histogram aggregation - Sum of field

Hi guys,
I have a problem when using Date histogram aggregation in Kibana:
My index: [logs]-YYYY.MM.DD
When I search from logs-2018.10.21 to logs-2018.10.23, I have a result:

Screen Shot 2018-10-29 at 2.49.15 PM.png2288×236 22.5 KB

When I search from logs-2018.10.21 to logs-2018.10.24, I have a result:

Screen Shot 2018-10-29 at 2.50.10 PM.png2286×286 28.3 KB

When I search from logs-2018.10.21 to logs-2018.10.25, I have a result:

Screen Shot 2018-10-29 at 2.50.45 PM.png2280×342 34.1 KB

Look at result from 2018.10.23, 2018.10.24. it's changes.
Why does sum of field change and how do I fix it?

I'm using ES 1.7.6 with Kibana 4.1, I tried on ES 5.6.6 with Kibana 5 but result the same.

What happens if you create a date histogram for one index at a time? Indices in Elasticsearch are generally assigned based on UTC time zone while Kibana by default adjusts to the local time zone. The day reported in Kibana could therefore span multiple indices (depending on which time zone you are in) and is not necessarily aligned with the underlying indices. This could explain why the previous days data changes when you add another index. I do however not understand why the data for the 23rd changed when you added the index for the 25th, so it is also possible that you have data for the incorrect period in some of your indices.

I found my mistake.
Thank you so much.

What was the cause of this?

When I run batch job to processing data of logs-2018.10.23 at 25th, I still use logs-2018.10.25 so document of logs-2018.10.23 is wrong.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.