It is not a problem when you use Elasticsearch 5.x and Kibana 5.x.
With the older ES 2.4.x and Kibana 4.6.1 it's kind of a challenge, but I found a solution:
Alter the Elasticsearch security config:
search: true # you'll be able to get the value of this field in search results
aggs: true # you'll be able to use this field in search aggregations in a histogram
Create two numeric scripted fields in Kibana:
time.hourOfDay -> doc['time'].getHourOfDay() - it is a simple Lucene expression
time.dayOfWeek -> doc['time'].date.dayOfWeek - it is a Groovy script which won't work without the hack below:
Then in Chrome open the developer tools -> Network, find the query which applies these rules, right-click it and choose Copy as cURL.
Alter this command: set groovy instead of expression in the lang field for the time.dayOfWeek field, then run the command.
Then go to Discover to view the logs and you should find time.dayOfWeek and time.hourOfDay among the log fields.
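The manual edit of the copied request can also be scripted so that only time.dayOfWeek is switched to groovy and every other scripted field keeps its language. This is an added example, not code from the original post; it assumes the captured request body is a JSON document whose "fields" key holds the field list as a JSON-encoded string, and the sample body and the "logs-*" title are constructed for illustration.

```python
import json

# Constructed sample of the body copied via "Copy as cURL".
# Assumption: the field list is a JSON-encoded string under "fields".
CAPTURED_BODY = json.dumps({
    "title": "logs-*",  # hypothetical index pattern name
    "timeFieldName": "time",
    "fields": json.dumps([
        {"name": "time", "type": "date", "scripted": False},
        {"name": "time.hourOfDay", "type": "number", "scripted": True,
         "script": "doc['time'].getHourOfDay()", "lang": "expression"},
        {"name": "time.dayOfWeek", "type": "number", "scripted": True,
         "script": "doc['time'].date.dayOfWeek", "lang": "expression"},
    ]),
})


def set_script_lang(body, field_name, lang):
    """Return a copy of body with lang changed on exactly one scripted field."""
    doc = json.loads(body)
    fields = json.loads(doc["fields"])
    matches = [f for f in fields if f.get("name") == field_name]
    # Refuse to touch anything that is not a single, scripted field, so the
    # groovy language is never applied more widely than intended.
    if len(matches) != 1 or not matches[0].get("scripted"):
        raise ValueError(f"{field_name!r} is not a unique scripted field")
    matches[0]["lang"] = lang
    doc["fields"] = json.dumps(fields)
    return json.dumps(doc)


def script_langs(body):
    """Map each scripted field name to its script language, for review."""
    fields = json.loads(json.loads(body)["fields"])
    return {f["name"]: f.get("lang") for f in fields if f.get("scripted")}


if __name__ == "__main__":
    patched = set_script_lang(CAPTURED_BODY, "time.dayOfWeek", "groovy")
    # Review which fields use which language before re-sending the request.
    print(script_langs(patched))
```

Paste the patched body back into the copied cURL command in place of the original one before running it.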
Now you can create a heatmap (https://github.com/stormpython/heatmap) with the properties below:
- Columns: time.dayOfWeek
- Rows: time.hourOfDay
And now you can see that people don't work on Friday evenings.