Incorrect month in Elasticsearch date_histogram

Elastic Stack Elasticsearch
1

My Document looks like below:

{
    "_index": "rep_cdr",
    "_type": "doc",
    "_id": "TaArd2YBDRXNehCp7GmW",
    "_score": 1,
    "_source": {
      "level": "info",
      "@version": "1",
      "thirdPartyTime": 139,
      "date": "15-10-2018",
      "time": "15:00:59",
      "reqId": "25718d6e-b8ef-438d-8218-1a8726c6c816",
      "TAT": 1574,
      "message": "",
      "thirdPartyErrorDescription": "",
      "@timestamp": "2018-10-15T10:00:59.146Z",
    }
 }

And I am running following query:

GET rep_cdr/doc/_search
{
  "size": 0,
  "aggs": {
    "datewise": {
      "date_histogram": {
       "field": "date",
       "interval": "day"
      }
    }
  }
}

I am getting below result:

{

  "aggregations": {
    "datewise": {
      "buckets": [
        {
          "key_as_string": "15-01-2018",
          "key": 1515974400000,
          "doc_count": 8
        }
      ]
    }
  }
}

The "key_as_string" gives me wrong month. In document the date field has value "15-10-2018" but "key_as_string" gives me "15-01-2018". I am using Elasticsearch version 6.4. What could be wrong?

2

Looks weird. What is the mapping?

3

Below is the mapping :

      {
  "rep_cdr": {
    "aliases": {},
    "mappings": {
      "doc": {
        "dynamic_date_formats": [
          "DD-MM-YYYY",
          "HH:mm:ss",
          "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"
        ],
        "properties": {
          "@timestamp": {
            "type": "date",
            "format": "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"
          },
          "@version": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "TAT": {
            "type": "integer"
          },
          "date": {
            "type": "date",
            "format": "DD-MM-YYYY"
          },
          "level": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "message": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 400
              }
            }
          }
          "reqId": {
            "type": "text",
            "fields": {
              "keyword": {
                "type": "keyword",
                "ignore_above": 256
              }
            }
          },
          "response": {
            "type": "keyword"
          },
          "thirdPartyErrorDescription": {
            "type": "text"
          },
          "thirdPartyTime": {
            "type": "integer"
          },
          "time": {
            "type": "date",
            "format": "HH:mm:ss"
          }
        }
      }
    },
    "settings": {
      "index": {
        "creation_date": "1539236694553",
        "number_of_shards": "3",
        "number_of_replicas": "1",
        "uuid": "BYDQOhY_TbWhuqMAOA3iNw",
        "version": {
          "created": "6040099"
        },
        "provided_name": "rep_cdr"
      }
    }
  }
}
4

I don't have time yet to reproduce but could you provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.

5

@dadoonet thanks for your response. The issue is resolved now.
I was using DD-MM-YYYY as date format I changed it to dd-MM-yyyy and now it gives correct "key_as_string" values.

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.