Use @timestamp as metric in an elastic dashboard

Question

Problem

I am trying to build a dashboard in elastic with a table to monitor job runs.

I want to have per run the minimum timestamp (ie. job start) and the number of processed messages. The minimum timestamp is my problem, I can't seem to get it.

What I have done

All my log lines have as (relevant) fields: @timestamp, nb_messages, run_id. run_id is unique per run, and a run creates multiple log lines.

I create a dashboard, add a TSVB panel, and select Table.

I use run_id as the field to group by.

I can use max(nb_message) in my table without issue.

But if I use min(@timestamp), or any other aggregation than count, I just get a -.

I first tried with a lens instead of a TSVB panel, and I had the same issue, but with as message: To use this function, select a different field.

I can confirm in the index that logging.timestamp has date for type.

Question

Is there a way to use the timestamp as metric?

Answer 1

I would use a "normal" data table visualization (navigate through Aggregation based option in the Visualization menu if you're using the latest version of Kibana) instead of the TSVB. There, the default metric is count representing the amount of events of the index pattern in the selected time range. You can use the min metric on the @timestamp field and aggregate/group your data as you want.

The preliminary is of course that the selected index pattern contains an @timestamp field.

I hope I could help you.