Currently trying to create a Kibana dashboard with realtime user information (current user count, where they are working etc) and I'm having trouble contraining a visulization timewise.
I've tried in a filter
@timestamp:[now-6M/M TO now]
and in the json input field
{
"range" : {
"@timestamp" : {
"gte": "now-6d",
"lte": "now"
}
}
}
However it is not working and I get the following error.
I have had this working previously, although different versions of Elasticseach1.6+ and Kibana4
I've tried to enable groovy scripting by adding
script.disable_dynamic: false
to the yml file, however it doesn't seem to be the problem. Any hints or is relative time ranges not possible anymore?
Error:
Error: Request to Elasticsearch failed:
{"error":"SearchPhaseExecutionException[Failed to execute phase
[query], all shards failed; shardFailures
{[bzqrC3gbSPi7fp0OWh81VQ][logstash-2015.02.14][0]:
SearchParseException[[logstash-2015.02.14][0]:
query[ConstantScore(BooleanFilter(+cache(@timestamp:[1437289456709 TO
1439881456710])))],from[-1],size[0]: Parse Failure [Failed to parse
source
[{\"size\":0,\"query\":{\"filtered\":{\"query\":{\"query_string\":{\"query\":\"\",\"analyze_wildcard\":true}},\"filter\":{\"bool\":{\"must\":[{\"range\":{\"@timestamp\":{\"gte\":1437289456709,\"lte\":1439881456710}}}],\"must_not\":[]}}}},\"aggs\":{\"1\":{\"cardinality\":{\"field\":\"fields.UserName.raw\",\"range\":{\"timestamp\":{\"gte\":\"now-6d\",\"lte\":\"now\"}}}}}}]]];
nested: SearchParseException[[logstash-2015.02.14][0]:
query[ConstantScore(BooleanFilter(+cache(@timestamp:[1437289456709 TO
1439881456710])))],from[-1],size[0]: Parse Failure [Unexpected token
START_OBJECT in 1.]];
}{[bzqrC3gbSPi7fp0OWh81VQ][logstash-2015.02.15][0]:
SearchParseException[[logstash-2015.02.15][0]:
query[ConstantScore(BooleanFilter(+cache(@timestamp:[1437289456709 TO
1439881456710])))],from[-1],size[0]: Parse Failure [Failed to parse
source
[{\"size\":0,\"query\":{\"filtered\":{\"query\":{\"query_string\":{\"query\":\"\",\"analyze_wildcard\":true}},\"filter\":{\"bool\":{\"must\":……………………………………………..
at http://kibana:5601/index.js?_b=7489:43092:38
at Function.Promise.try (http://kibana:5601/index.js?_b=7489:46434:26)
at http://kibana:5601/index.js?_b=7489:46412:27
at Array.map (native)
at Function.Promise.map (http://kibana:5601/index.js?_b=7489:46411:30)
at callResponseHandlers (http://kibana:5601/index.js?_b=7489:43064:22)
at http://kibana:5601/index.js?_b=7489:43182:16
at wrappedCallback (http://kibana:5601/index.js?_b=7489:20893:81)
at wrappedCallback (http://kibana:5601/index.js?_b=7489:20893:81)
at http://kibana:5601/index.js?_b=7489:20979:26
Using Kibana 4.1.1 and Elasticsearch 1.7 on Windows 2012r2, jre 1.8.0.31
Best Answer
You can use time range filter like:
to get the data for the last 6 months.