So when you create a new index you have to set a default datefield. This gets used for the global time ranges on queries.
So what do you do if you have multiple date fields and you want to switch which field gets used depending on what you want info on? There doesn't appear to be an easy way, if at all possible, to change what that default is without recreating the index pattern.
For example I am pulling some data from Salesforce. Some types of data have a CreatedDate, some do not. Because of this I have to have @Timestamp as the global date field. @Timestamp exists on every record and is basically an update date of the salesforce record. If I didn't do it this way simple searches in the Discover tab will exclude data that did not have a CreatedDate.
But now if I want to do a date histogram visualization on the subset of data with a CreatedDate I get weird results. The date histogram buckets are being built off of CreatedDate, but the overall X Axis is being controlled by the global date range at the top. This means I get some odd visualizations like below. The global date range (@Timestamp) is set to last 24 hours, but it shows results all the way back to 2015. I had records updated yesterday, but they were created in SF a long time ago.
The closest solution I have found is to force the CreatedDate to a specific range in the query itself. To be safe I also have to open up the global date range up top too.
This solution isn't perfect though. It looks like it may be doing some odd things when trying to adjust for time zone differences. Notice how it pulls results from the 4th, even though by query says to start on the 5th.
You also can't click and drag the visualization to drill down and change the date range.
So is there an easier or better way to do this? Ideally the global date range would automatically adjust to whatever field I have specified in the X-axis date histogram bucket.