I have a scripted field generating the hour of the day in a particular index. Unfortunately, due to the size and the necessary complexity (a result of timezone challenges), it is making some Kibana visualizations slow.
Using a simple scripted field as follows works quickly but is inaccurate:
return doc['@timestamp'].value.getHour();
The one I am using for accuracy is as follows:
return LocalDateTime.ofInstant(Instant.ofEpochMilli(doc['@timestamp'].value.millis),ZoneId.of('America/Chicago')).getHour()
While I could modify the raw data and re-ingest, I would like to figure out how to do this with Elasticsearch itself. Is it possible to run a POST command to populate a new field like this? If so, how might I go about formulating a POST/update like that?