I am using a locally deployed elasticsearch and kibana. When I send data to an index with the current timestamp - in kibana it is displayed as being 5:30 hours ahead of the current time.
I came to understand that this is because my current timezone is GMT+5:30. So since the logs are being sent 5:30 hours ahead of time, that would imply that I am already on GMT right? But that is not the case. My current time in kibana is the actual time in my area, which on further searching I realised is being fetched from the browser.
I found the default timezone setting in kibana(via kibana->management->advanced settings), but when I change the default timezone in kibana to GMT (from the default value of browser), then my current time changes to GMT, but the logs that were 5:30 hours ahead of the current time are still 5:30 hours ahead of the current time. It's just that both the times have had 5:30 hours deducted from them. This is the view that makes sense, that the data is 5:30 hours ahead of GMT. But why does it stay ahead of me when timezone is set to browser even though my browser is on the right timezone (GMT+5:30)
I changed the timezone to UTC but it had no effect whatsoever. It seems to be the same as GMT. Any new data I add to an index is still 05:30 hours ahead of me and stays that way no matter which timezone I select.
here is the timestamp I'm sending in the data, maybe I need to change it's format? 'timestamp': '2022-11-28T13:49:42.077248'
You probably need to update your mappings for the index so that ES can recognise the date properly or change timestamp format to the one of default ones:
You can read more here:
Changing the timezone in Kibana won't fix the issue and will probably make everything harder for the people who needs to use Kibana.
You should let Kibana get the timezone from the browser, which is the default.
Your issue is probably related on how you are indexing your data and how your date string looks like, you need to provide more context about it.
For example, this date you shared:
'timestamp': '2022-11-28T13:49:42.077248'
Is it your local time? Is it in UTC? How are you ingesting your data? Elasticsearch stores all the date strings in UTC, if your date string has a time offset, but this is not explicit in the date string, elasticsearch will assume it is in UTC and this may leads to issues like yours.
If this date, 2022-11-28T13:49:42.077248 is in your local time, which has a 05:30 offset in UTC, and you are not passing any information about this offset to elasticsearch, it will be ingested as it is in UTC, when you see this document in Kibana it will add another 05:30 offset.
So the first thing is, how are you indexing your data, and in which timezone is your data?
I was only adding a 'Z' at the end of the time format, as I thought is the case for ISO format. I removed the 'Z' and appended '+05:30' before indexing it and that has solved the problem for me. Thanks a lot!
Also adding this resource which helped me with the right format to use
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.