Time of Day filter

I am trying to produce a dashboard that has some visualizations but also some data tables. In order to produce the results I need in the data tables, there are times that I must filter based on the time of day. For example, while my date range may be Jan1@00:00-Jan31@23:30, I need to further limit the visualizations to 16:00-21:00.

I've been looking at:

But I can't seem to apply a similar DSL filter to our dashboard. Is there a way to apply a filter above and beyond the built-in date range filter?

Sure, you should be able to filter by using the "add filter" dialog when creating the data table visualization:

image833×373 28.9 KB

Let me know if that helps.

Excellent. I was able to confirm and replicate. The one difficulty I see here is this would seem to require a filter entry for each day. This may not be a problem for shorter analysis but if we were to want to pull up a month or a year, it would be difficult to create one of these for each day (though theoretically possible).

Is there a way to ignore the day and just specify a time? I tried editing in DSL using an * for the day without success. I also noticed that there is a date and a date.keyword option which is the raw date data that gets mapped to @timestamp so I tried a date.keyword of "16:00" but that didn't work either.

I'm wondering if I'll need to create a new field with the hour as an integer so I can filter by that? I wonder if I can use a scripted field for this.

I tried to create a scripted field for this using the above info but seem to be having difficulty.

LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value), ZoneId.of('America/Chicago')).getHour()

produces

{
"root_cause": [
{
"type": "script_exception",
"reason": "runtime error",
"script_stack": [
"LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value), ZoneId.of('America/Chicago')).getHour()",
" ^---- HERE"
],
"script": "LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value), ZoneId.of('America/Chicago')).getHour()",
"lang": "painless",
"position": {
"offset": 62,
"start": 0,
"end": 110
}
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "san-isabel",
"node": "erbPD7dEQPKwU5NNOXVB9g",
"reason": {
"type": "script_exception",
"reason": "runtime error",
"script_stack": [
"LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value), ZoneId.of('America/Chicago')).getHour()",
" ^---- HERE"
],
"script": "LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value), ZoneId.of('America/Chicago')).getHour()",
"lang": "painless",
"position": {
"offset": 62,
"start": 0,
"end": 110
},
"caused_by": {
"type": "wrong_method_type_exception",
"reason": "cannot convert MethodHandle(Dates)JodaCompatibleZonedDateTime to (Object)long"
}
}
}
]
}

and this:

doc['@timestamp'].date.hourOfDay

produces

{
"root_cause": [
{
"type": "script_exception",
"reason": "runtime error",
"script_stack": [
"doc['@timestamp'].date.hourOfDay",
" ^---- HERE"
],
"script": "doc['@timestamp'].date.hourOfDay",
"lang": "painless",
"position": {
"offset": 17,
"start": 0,
"end": 32
}
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "san-isabel",
"node": "erbPD7dEQPKwU5NNOXVB9g",
"reason": {
"type": "script_exception",
"reason": "runtime error",
"script_stack": [
"doc['@timestamp'].date.hourOfDay",
" ^---- HERE"
],
"script": "doc['@timestamp'].date.hourOfDay",
"lang": "painless",
"position": {
"offset": 17,
"start": 0,
"end": 32
},
"caused_by": {
"type": "illegal_argument_exception",
"reason": "Illegal list shortcut value [date]."
}
}
}
]
}

My solution to this ultimately was to create a scripted field that pulled the hour from the @timestamp

Then create a control visualization that allowed to select the hours we wanted to include.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.