Kibana displays Unix default date

Elastic Stack Kibana
1

I have uploaded some logs using logstash where I have read the @timestamp field from the logs timestamp using the date filter. I needed to make a histogram based on the hour of the day for all days (i.e. to have values from 0 to 23 on the x-axis and have the sum on all days on the y-axis). Therefore, I created a new field in the grok filter which reads the hour, minute and seconds from the timestamp and saves it in a seperate field called "time".

Before parsing the logs with logstash I used the following query to setup an index in ES and configure the field as a field of type date:
curl -XPUT http://localhost:9200/indexname -d '
{
"mappings" : {
"default" : {
"properties" : {
"time" : {"type": "date", "format" : "HH:mm:ss.SSS" },
}
}
}
}
';

Now when visualizing the results in Kibana using a date histogram, everything works as expected. Except that it gives the default date, which is 1-1-1970 beside the hour, since the field "time" has no date. Is there anyway to stop this so that I have on the x-axis only the hours from 0 to 23?
I have used a workaround which is to read the hours only and to save them as integers. This has the drawback that the histogram can have a precision of one hour only (which in the other case would be up to 1 millisecond).
Kibana version is 4.5.1.

2

It doesn't seem to be supported, my original thought was to use field formatters but the date histogram seems to use its own formatting. There's an issue filed at https://github.com/elastic/kibana/issues/5069.

If you're using a date range aggregation field formatters will work:

Pasted image1605×890 35.3 KB
. You can get to this screen by clicking on the icon in the controls column from the index pattern page for your index.

1 Like
3

Thanks for the answer! I have tried to change the format of the field as you suggested and in the date histogram I still see the same old format with month and year as you have pointed out. The problem is that I cannot use a normal histogram because this is a field of type "date" so if I choose the normal histogram I cannot find it in the drop down menu which only shows numeric fields (integers, floating points, ...etc.).