Date Maths in Kibana 4

Giovanii_Mirko_Terra · 2015-09-25 17:23:34 UTC

Hi all!,

I was wondering if this feature to work with date maths in scripted fields will be back in some future releases like here : https://www.elastic.co/blog/kibana-4-beta-3-now-more-filtery? As far as I can understand this depends in how far you can get with Lucene expressions but not sure if there were some improvement in elasticsearch 2/kibana 4.2 . Or maybe this is something I should directly manage with other tools like logstash?

Many thanks in advance

tbragin · 2015-09-26 05:08:23 UTC

The reason this is not available any more is because the default scripting engine used in Kibana was switched from Groovy to Lucene expressions for security reasons, and Lucene expressions do not support date math. We are working on alternatives, but no ETA yet on when they would be available.

In the meanwhile, you have the following options:

Use Logstash to parse the date into other structured fields
Use static Groovy scripts on the ES side and call them from Kibana: Calling groovy script from Kibana
Turn on dynamic scripting in ES (not secure!) and specify Groovy as the scripting language in Kibana

system · 2017-07-06 14:12:27 UTC