Understanding DISK Space Overview Response

Hi -
I am trying to create the DSL queries to verify the response at the API level using the Elasticsearch gem.
I got stuck in understanding the request being sent to Elasticsearch.
Below is an example:

Here is the request sent from a DISK space overview dashlet for the last 15 minutes:

{
  "size": 0,
  "aggs": {
    "1": {
      "avg": {
        "field": "system.fsstat.total_size.total"
      }
    },
    "2": {
      "avg": {
        "field": "system.fsstat.total_size.used"
      }
    },
    "3": {
      "max": {
        "field": "system.fsstat.total_files"
      }
    }
  },
  "highlight": {
    "pre_tags": [
      "@kibana-highlighted-field@"
    ],
    "post_tags": [
      "@/kibana-highlighted-field@"
    ],
    "fields": {
      "*": {}
    },
    "require_field_match": false,
    "fragment_size": 2147483647
  },
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "metricset.module: system AND metricset.name: fsstat",
            "analyze_wildcard": true
          }
        },
        {
          "query_string": {
            "analyze_wildcard": true,
            "query": "*"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": 1484891255261,
              "lte": 1484892155262,
              "format": "epoch_millis"
            }
          }
        }
      ],
      "must_not": []
    }
  },
  "_source": {
    "excludes": []
  }
}

I'd like to understand how the range works here and how the timestamps have been sent. What is "epoch_millis"? Please let me know. Thanks!

Looks like you grabbed this query from a Kibana visualization's Spy panel. When you select a date range in Kibana, it shows you human-readable dates to choose from, but internally converts those dates to epoch_millis, which is Elasticsearch's term for the number of milliseconds since the Unix epoch (Jan 01, 1970).

There are ways to do this date conversion in pretty much every programming language, I'm sure. If you want a quick check on how something converts, I recommend this tool: https://currentmillis.com/
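The conversion described in the reply above, as an added Ruby example that is not part of the original posts: it decodes the two `@timestamp` bounds from the posted request and rebuilds the same "last 15 minutes" range clause. The helper names (`to_epoch_millis`, `from_epoch_millis`, `last_minutes_range`, `fsstat_body`) are assumptions made for illustration; only the Ruby standard library is used and no cluster is contacted.

```ruby
require 'json'
require 'time'

# Time -> epoch_millis: whole milliseconds since 1970-01-01T00:00:00Z.
def to_epoch_millis(time)
  (time.to_r * 1000).floor
end

# epoch_millis -> ISO 8601 UTC string with millisecond precision.
def from_epoch_millis(ms)
  Time.at(Rational(ms, 1000)).utc.iso8601(3)
end

# Range clause for the window [now - minutes, now], in the same shape
# as the clause in the posted request.
def last_minutes_range(minutes, now: Time.now)
  {
    range: {
      '@timestamp' => {
        gte: to_epoch_millis(now - minutes * 60),
        lte: to_epoch_millis(now),
        format: 'epoch_millis'
      }
    }
  }
end

# Search body with the posted query string and aggregations; the
# highlight and match-all clauses are left out because they do not
# change the aggregation results.
def fsstat_body(minutes, now: Time.now)
  {
    size: 0,
    query: { bool: { must: [
      { query_string: { query: 'metricset.module: system AND metricset.name: fsstat',
                        analyze_wildcard: true } },
      last_minutes_range(minutes, now: now)
    ] } },
    aggs: {
      '1' => { avg: { field: 'system.fsstat.total_size.total' } },
      '2' => { avg: { field: 'system.fsstat.total_size.used' } },
      '3' => { max: { field: 'system.fsstat.total_files' } }
    }
  }
end

if __FILE__ == $PROGRAM_NAME
  puts from_epoch_millis(1484891255261) # gte bound from the posted request
  puts from_epoch_millis(1484892155262) # lte bound from the posted request
  puts JSON.pretty_generate(fsstat_body(15))
end
```

Pinning `now:` to a fixed `Time` makes the generated bounds reproducible, which is what an API-level test comparing against a captured request needs.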
