Incorrect month in Elasticsearch date_histogram

alinaqi306 · October 30, 2018, 5:32am

My Document looks like below:

{
    "_index": "rep_cdr",
    "_type": "doc",
    "_id": "TaArd2YBDRXNehCp7GmW",
    "_score": 1,
    "_source": {
      "level": "info",
      "@version": "1",
      "thirdPartyTime": 139,
      "date": "15-10-2018",
      "time": "15:00:59",
      "reqId": "25718d6e-b8ef-438d-8218-1a8726c6c816",
      "TAT": 1574,
      "message": "",
      "thirdPartyErrorDescription": "",
      "@timestamp": "2018-10-15T10:00:59.146Z",
    }
 }

And I am running following query:

GET rep_cdr/doc/_search
{
  "size": 0,
  "aggs": {
    "datewise": {
      "date_histogram": {
       "field": "date",
       "interval": "day"
      }
    }
  }
}

I am getting below result:

{

  "aggregations": {
    "datewise": {
      "buckets": [
        {
          "key_as_string": "15-01-2018",
          "key": 1515974400000,
          "doc_count": 8
        }
      ]
    }
  }
}

The "key_as_string" gives me wrong month. In document the date field has value "15-10-2018" but "key_as_string" gives me "15-01-2018". I am using Elasticsearch version 6.4. What could be wrong?

dadoonet · October 30, 2018, 5:44am

Looks weird. What is the mapping?

alinaqi306 · October 30, 2018, 6:05am

Below is the mapping :

      {
  "rep_cdr": {
    "aliases": {},
    "mappings": {
      "doc": {
        "dynamic_date_formats": [
          "DD-MM-YYYY",
          "HH:mm:ss",
          "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"
        ],
        "properties": {
          "@timestamp": {
            "type": "date",
            "format": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"
          },
          "@version": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "TAT": {
            "type": "integer"
          },
          "date": {
            "type": "date",
            "format": "DD-MM-YYYY"
          },
          "level": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "message": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 400
              }
            }
          }
          "reqId": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "response": {
            "type": "keyword"
          },
          "thirdPartyErrorDescription": {
            "type": "text"
          },
          "thirdPartyTime": {
            "type": "integer"
          },
          "time": {
            "type": "date",
            "format": "HH:mm:ss"
          }
        }
      }
    },
    "settings": {
      "index": {
        "creation_date": "1539236694553",
        "number_of_shards": "3",
        "number_of_replicas": "1",
        "uuid": "BYDQOhY_TbWhuqMAOA3iNw",
        "version": {
          "created": "6040099"
        },
        "provided_name": "rep_cdr"
      }
    }
  }
}

dadoonet · October 30, 2018, 5:17pm

I don't have time yet to reproduce but could you provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.

alinaqi306 · October 31, 2018, 6:20am

@dadoonet thanks for your response. The issue is resolved now.
I was using DD-MM-YYYY as date format I changed it to dd-MM-yyyy and now it gives correct "key_as_string" values.

system · November 28, 2018, 6:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.