Hey Guys and Gals,
I’m trying to make a sum graph from events with a duration and very short bucket sizes (1s to 10s), where each bucket contains the data point for all events that took place during that time but might not be caught by @timestamp anymore.
I prepared both a duration field and an array of timestamps in 1s intervals for the duration, but when I try to point date histogram to use that array it defaults back to @timestamp.
Is there any way to get this to work, i.e. some bucket-range variable I can add to the query, or get the date histogram to work with the array?