Hi all,
I'm having trouble with data parsing from a database to Elasticsearch.
The "downloaddate" field in the database has a value like "2023-07-12 17:30:17.000."
When I print it in the terminal using stdout, it's correct.
However, when indexed in Elasticsearch, the time changes to (Jul 12, 2023 @ 23:00:17.000).
I tried using a date filter, but the issue remains unresolved.
I'd appreciate any suggestions or help in resolving this time difference problem.
Thank you!
All timestamps in Elasticsearch are in UTC timezone. Kibana do translate the default timestamp to the local timezone when displaying it, which likely is what you are seeing.
As already mentioned all dates in Elasticsearch are stored in UTC and Kibana will convert this UTC date to your local timezone.
The issue here is that your date string does not have any information about the timezone, so Logstash will consider that this date is already in UTC, this is what you get in your stdout output.
The Z in the end of the date means that it is in UTC.
If your date 2023-07-12 17:30:17.000 is not in UTC, but in your local time zone, you need to inform this to logstash in the date filter using the timezone option.
Since Kibana is showing 17:30:17 UTC as 23:00:17 in your local timezone, you are in a UTC+5:30 timezone, so you need to inform that to Logstash.
You can do that adding the canonical name of your timezone, something like Asia/Kolkata which is UTC+5:30, or you can use the numerical offset directly as +0530, but the canonical name is recommended as it will also applies DST changes if it exists.
Use the canonical name or the numeric offset, do not use the abbreviated timezone names like IST as this can not work as expected.
When I parse the data to my local Elasticsearch instance, there is no difference in time. However, when I parse it to Elasticsearch in azure VM, that time difference occurs.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
