Hello,
I installed ELK V7.6.1 on an AWS Linux 2 EC2.
When I ran a Data Histogram Aggregation in Kibana visualization with a time filter crossing over UTC and BST, e.g. from 2020-03-01T00:00:00.000 to 2020-04-01T00:00:00.000, the visualization showed duplicate records for 2020-03-29.
|2020-03-28|95,767|
|2020-03-29|99,609|
|2020-03-29|139,228|
|2020-03-30|144,467|
|2020-03-31|1|
The Kibana request had a date range like following:
{
"range": {
"@timestamp": {
"gte": "2020-03-01T00:00:00.000Z",
"lte": "2020-03-31T23:00:00.000Z",
"format": "strict_date_optional_time"
}
}
}
The underneath response from ElasticSearch was like following:
{
"key_as_string": "2020-03-28T00:00:00.000Z",
"key": 1585353600000,
"doc_count": 95767
},
{
"key_as_string": "2020-03-29T00:00:00.000Z",
"key": 1585440000000,
"doc_count": 99609
},
{
"key_as_string": "2020-03-30T00:00:00.000+01:00",
"key": 1585522800000,
"doc_count": 139228
},
{
"key_as_string": "2020-03-31T00:00:00.000+01:00",
"key": 1585609200000,
"doc_count": 144467
},
{
"key_as_string": "2020-04-01T00:00:00.000+01:00",
"key": 1585695600000,
"doc_count": 1
}
Apparently, Kibana converted BST to UTC and display only the date part of converted UTC time with aggregation buckets. However, this conversion seems to be unwanted and visualization output is confusing.
Can someone take a look at this issue please?
Thanks,
Landong Zuo