Help - I'm trying Timelion but I don't have a date/timestamp field :)

Hi,

I have a lot of custom data in ES, but there is no date or timestamp field. I have instead a large integer that represents UNIX time in microseconds.

Can I still use Timelion? Or do I need to use another visualization stack?

Thanks!

Yeah, you probably need a timestamp field, so that you can run the date_histogram. I would recommend re-indexing your data and creating a timestamp field with that large integer.

Thanks
Rashmi

Great, thanks! Is that easy to do in Elastic? I'm an Elastic noob...

Yes indeed. It's very easy. Follow - https://www.elastic.co/guide/en/kibana/current/index-patterns.html

https://www.elastic.co/guide/en/kibana/current/getting-started.html

Do let me know if you have any q.

Thanks
Rashmi

Hmm. I might be missing something easy...

It looks like I want to create a "scripted" field from an existing field.

It turns out the source field is a string.

If I use the painless script editor, it seems to be failing. And it's not
clear to me what the error is as I get no feedback from the script editor:

I'm trying to do something like this, as a first step to converting it to a
timestamp:

painless <<

return (long) doc['publishTimeMicros].value

painless <<

But even that doesn't work. And I assume it's not working because after I
create the scripted field and go back to "Discover" no searches work. But
if I delete the scripted field, everything returns to normal.

Hey, so I ended up just creating a timestamp field outside of elastic -
before I give the data to elastic.

I used python datetime objects...in case anyone is interested in a hacky
workaround...

-g
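
The workaround described in the last post, as an added example that is not part of the original thread: the microsecond string in `publishTimeMicros` is converted to an ISO 8601 UTC timestamp before the documents are handed to Elasticsearch, and records that cannot be converted are set aside instead of being indexed without a time. The target field name `@timestamp`, the index name `custom-data`, the sample documents and the `_bulk` action-line layout (no `_type`, as in current Elasticsearch versions) are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def micros_to_iso(value):
    """Convert UNIX time in microseconds (int or numeric string) to ISO 8601 UTC."""
    micros = int(str(value).strip())  # ValueError on non-numeric input
    # Integer arithmetic through timedelta keeps all six fractional digits;
    # datetime.fromtimestamp(micros / 1e6) goes through a float and can round.
    moment = EPOCH + timedelta(microseconds=micros)
    return moment.strftime("%Y-%m-%dT%H:%M:%S.%fZ")

def add_timestamp(doc, source_field="publishTimeMicros", target_field="@timestamp"):
    """Return a copy of doc with target_field derived from source_field."""
    enriched = dict(doc)
    enriched[target_field] = micros_to_iso(doc[source_field])
    return enriched

def to_bulk_lines(docs, index_name):
    """Build NDJSON lines for the _bulk API; return (lines, rejected_docs)."""
    lines, rejected = [], []
    for doc in docs:
        try:
            enriched = add_timestamp(doc)
        except (KeyError, ValueError, OverflowError):
            # Missing field, non-numeric value, or a value outside datetime's range.
            rejected.append(doc)
            continue
        lines.append(json.dumps({"index": {"_index": index_name}}))
        lines.append(json.dumps(enriched))
    return lines, rejected

# Constructed sample input: one good record and two that must be rejected.
SAMPLE_DOCS = [
    {"publishTimeMicros": "1500000000123456", "title": "ok"},
    {"publishTimeMicros": "not-a-number", "title": "bad value"},
    {"title": "field missing"},
]

if __name__ == "__main__":
    bulk, bad = to_bulk_lines(SAMPLE_DOCS, "custom-data")
    print("\n".join(bulk))
    print(f"rejected: {len(bad)}")
```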
