How to get all buckets of last 24hrs in date histogram

Hi All,

I am using a Date Histogram with the minimum interval set to Hourly to get the results of the last 24 hours, and I am getting the graph below. (v is 7.4)

The request is:

GET access*/_search?pretty=true
{
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "@timestamp",
        "calendar_interval": "1h",
        "time_zone": "Asia/Calcutta",
        "min_doc_count": 0,
        "format": "k"
      }
    }
  },
  "size": 0,
  "_source": {
    "excludes": []
  },
  "stored_fields": [
    "*"
  ],
  "docvalue_fields": [
    {
      "field": "@timestamp",
      "format": "date_time"
    }
  ],
  "query": {
    "bool": {
      "must": [],
      "filter": [
        {
          "match_all": {}
        },
        {
          "match_phrase": {
            "Request_URI": {
              "query": "\"/isp/v1/*\""
            }
          }
        },
        {
          "range": {
            "@timestamp": {
              "format": "strict_date_optional_time",
              "gte": "now-24h",
              "lte": "now"
            }
          }
        }
      ],
      "should": [],
      "must_not": []
    }
  }
}

In the curl response, I am getting the below:

  "buckets" : [
        {
          "key_as_string" : "9",
          "key" : 1627270200000,
          "doc_count" : 44
        },
        {
          "key_as_string" : "10",
          "key" : 1627273800000,
          "doc_count" : 51
        },
        {
          "key_as_string" : "11",
          "key" : 1627277400000,
          "doc_count" : 0
        },
        {
          "key_as_string" : "12",
          "key" : 1627281000000,
          "doc_count" : 0
        },
        {
          "key_as_string" : "13",
          "key" : 1627284600000,
          "doc_count" : 0
        },
        {
          "key_as_string" : "14",
          "key" : 1627288200000,
          "doc_count" : 3
        },
        {
          "key_as_string" : "15",
          "key" : 1627291800000,
          "doc_count" : 16
        },
        {
          "key_as_string" : "16",
          "key" : 1627295400000,
          "doc_count" : 57
        }

Although for the last 24h the data first starts coming in at 9AM, why is it not returning all the buckets before 9AM if I am using now-24h, i.e. it's not showing all of the last 24 buckets? How can I get that?

Thanks,

Hi @prathamesh7

You are using a time-based visualisation: it gives you data based on the selected time range, and the bucket is based on the interval. You won't see the buckets before the previous 24h until you change the time range to include that data.

Changing it to now-7d may work for you with the same interval.

Regards, Dima
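
An added example, not part of the original posts and not Elasticsearch or Kibana code: with `min_doc_count: 0` the aggregation fills gaps only between the first and last bucket that contain documents, and the `extended_bounds` option of `date_histogram` is what widens that range on the server side. The Python below pads a response of the shape posted above to one bucket per hour on the client and lists the hours with no access-log entries; `pad_hourly`, `silent_hours` and the `now_ms` value used to call them are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

HOUR_MS = 3_600_000
IST = timezone(timedelta(hours=5, minutes=30))  # Asia/Calcutta, as in the request

# The (key, doc_count) pairs of the buckets shown in the question's response.
RESPONSE_BUCKETS = [
    {"key": 1627270200000, "doc_count": 44},
    {"key": 1627273800000, "doc_count": 51},
    {"key": 1627277400000, "doc_count": 0},
    {"key": 1627281000000, "doc_count": 0},
    {"key": 1627284600000, "doc_count": 0},
    {"key": 1627288200000, "doc_count": 3},
    {"key": 1627291800000, "doc_count": 16},
    {"key": 1627295400000, "doc_count": 57},
]


def pad_hourly(buckets, now_ms, hours=24, tz=IST):
    """Return one bucket per local clock hour covering [now - hours, now]."""
    offset_ms = int(tz.utcoffset(None).total_seconds() * 1000)

    def floor_hour(ms):
        # Round down to the start of the hour in the histogram's time zone.
        return (ms + offset_ms) // HOUR_MS * HOUR_MS - offset_ms

    counts = {b["key"]: b["doc_count"] for b in buckets}
    start = floor_hour(now_ms - hours * HOUR_MS)
    end = floor_hour(now_ms)
    padded = []
    # Both edge hours are included, so a 24h window yields 25 buckets.
    for key in range(start, end + HOUR_MS, HOUR_MS):
        local = datetime.fromtimestamp(key / 1000, tz)
        padded.append({
            # Format "k" is clock-hour-of-day (1-24), so midnight prints as 24.
            "key_as_string": str(local.hour or 24),
            "key": key,
            "doc_count": counts.get(key, 0),
        })
    return padded


def silent_hours(padded):
    """Keys of the hours in which no matching log line was indexed."""
    return [b["key"] for b in padded if b["doc_count"] == 0]
```
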
