Elasticsearch offset/time_zone appears to have no impact on date_histogram keys

Hi,

I am currently working with Elasticsearch version 5.6.5. I encountered a strange problem while working with date_histogram aggregations.

curl -XGET 'localhost:9200'
{
  "name" : "8QffyF_",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "u6ej3wYUQdq3QDrmJoghQQ",
  "version" : {
    "number" : "5.6.5",
    "build_hash" : "6a37571",
    "build_date" : "2017-12-04T07:50:10.466Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}

I inserted one of the dummy documents in ES.

curl -XPOST "127.0.0.1:9200/logs_myindex/1" -d '{"timestamp": "2017-01-01T00:00:00"}'

After that, I tried getting the aggregations with different values of offset & time_zone.

curl -XGET 'localhost:9200/logs_myindex/_search?pretty' -d '{"aggs":{"testAgg":{"date_histogram":{"field":"timestamp","interval":"minute","offset": "+6h"}}},"size":0}'
{
  "took" : 11,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 1,
    "max_score" : 0.0,
    "hits" : [ ]
  },
  "aggregations" : {
    "testAgg" : {
      "buckets" : [
        {
          "key_as_string" : "2017-01-01T00:00:00.000Z",
          "key" : 1483228800000,
          "doc_count" : 1
        }
      ]
    }
  }
}

Similarly, another query with a different offset value is returning me the same results.

curl -XGET 'localhost:9200/logs_myindex/_search?pretty' -d '{"aggs":{"testAgg":{"date_histogram":{"field":"timestamp","interval":"minute","offset": "+1h"}}},"size":0}'
{
  "took" : 5,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : 1,
    "max_score" : 0.0,
    "hits" : [ ]
  },
  "aggregations" : {
    "testAgg" : {
      "buckets" : [
        {
          "key_as_string" : "2017-01-01T00:00:00.000Z",
          "key" : 1483228800000,
          "doc_count" : 1
        }
      ]
    }
  }
}

Can anyone help me out?

This is expected. The offset parameter causes Elasticsearch to compute the bucket for timestamp-offset before adding offset to the computed bucket.

Say your timestamp is 2017-01-01T12:34:56. First we subtract 6 hours, which gives 2017-01-01T06:34:56, then we round to the minute, which gives 2017-01-01T06:34:00, and finally we add back 6 hours, which gives 2017-01-01T12:34:00.

The offset parameter has no effect if it is a multiple of your interval. In your case, since your interval is 1 minute, you would need it to be between 0 and 1 minute for it to have an effect.

Similarly, the timezone parameter only has an effect if the time interval is at least a day, since it only shifts hours.

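The rounding described in the answer above, as an added example that is not part of the original thread and is not Elasticsearch's own code: a small Python model for fixed-length intervals. The function names are hypothetical, and `tz_shift_ms` is an assumed fixed UTC offset standing in for `time_zone` (no DST handling).

```python
from datetime import datetime, timezone

MINUTE_MS = 60_000
HOUR_MS = 60 * MINUTE_MS
DAY_MS = 24 * HOUR_MS


def bucket_key(ts_ms, interval_ms, offset_ms=0, tz_shift_ms=0):
    """Model of the date_histogram key for a fixed-length interval.

    offset_ms   -- the `offset` parameter: subtracted before rounding, added back after.
    tz_shift_ms -- assumption: a fixed UTC offset standing in for `time_zone`;
                   rounding is done in local time, the key is returned in UTC.
    """
    local = ts_ms - offset_ms + tz_shift_ms
    rounded = (local // interval_ms) * interval_ms  # floor to the bucket start
    return rounded - tz_shift_ms + offset_ms


def to_ms(iso_utc):
    """Parse a naive ISO timestamp as UTC and return epoch milliseconds."""
    dt = datetime.fromisoformat(iso_utc).replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) * 1000


def iso(ms):
    """Format epoch milliseconds the way key_as_string appears in the thread."""
    dt = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S") + f".{ms % 1000:03d}Z"


if __name__ == "__main__":
    doc = to_ms("2017-01-01T00:00:00")      # the document indexed in the question
    sample = to_ms("2017-01-01T12:34:56")   # the timestamp used in the answer

    # Offsets that are multiples of the interval leave the key unchanged.
    for label, off in (("+6h", 6 * HOUR_MS), ("+1h", HOUR_MS)):
        print("minute, offset", label, "->", iso(bucket_key(doc, MINUTE_MS, off)))

    # An offset smaller than the interval moves the bucket boundary.
    print("minute, offset +30s ->", iso(bucket_key(sample, MINUTE_MS, 30_000)))

    # A whole-hour zone shift changes nothing per minute, but does per day.
    print("minute, tz +6h ->", iso(bucket_key(sample, MINUTE_MS, 0, 6 * HOUR_MS)))
    print("day,    tz +6h ->", iso(bucket_key(sample, DAY_MS, 0, 6 * HOUR_MS)))
```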