Skip to content

Instantly share code, notes, and snippets.

@icecrime

icecrime/cant_even.md

Last active August 29, 2015 14:27
Show Gist options
  • Save icecrime/7d634bc64f9f4dd895d3 to your computer and use it in GitHub Desktop.
Save icecrime/7d634bc64f9f4dd895d3 to your computer and use it in GitHub Desktop.
Download ZIP
Kibana / ES timezone issue
Raw
cant_even.md

Kibana Data Table does the following request without any result:

{
  "size": 0,
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "*",
          "analyze_wildcard": true
        }
      },
      "filter": {
        "bool": {
          "must": [
            {
              "range": {
                "_timestamp": {
                  "gte": 1439659514943,
                  "lte": 1439673914943
                }
              }
            }
          ],
          "must_not": []
        }
      }
    }
  },
  "aggs": {
    "2": {
      "date_histogram": {
        "field": "_timestamp",
        "interval": "5m",
        "pre_zone": "-07:00",
        "pre_zone_adjust_large_interval": true,
        "min_doc_count": 1,
        "extended_bounds": {
          "min": 1439659514943,
          "max": 1439673914943
        }
      }
    }
  }
}

Elastic Search has the following document in the index:

# curl elasticsearch:9200/[redacted]/[redacted]/[redacted]?fields=_timestamp | jq .
{
  "_index": "[redacted]",
  "_type": "[redacted]",
  "_id": "[redacted]",
  "_version": 1,
  "found": true,
  "fields": {
    "_timestamp": 1439673273000
  }
}
  • 1439659514943 = Sat, 15 Aug 2015 17:25:14 GMT
  • 1439673914943 = Sat, 15 Aug 2015 21:25:14 GMT
  • 1439673273000 = Sat, 15 Aug 2015 21:14:33 GMT

Why, why, why is it empty in Kibana?

@icecrime
Copy link
Author

Also tried with { "pre_zone": "UTC" } as extra JSON Input in the date aggregation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment