I am getting 12 Hours difference in Date. I want to set that date format to local time that is GMT+5.
And I have set kibana default time period to Browser. Any one can help me how to set is as local time.
Where are you getting this difference? In Kibana?
The date/time fields in elasticsearch are always stored in UTC and you can't change that, what you can change is the visualization.
Per default, Kibana will convert the UTC time to the browser time, but you can change that to convert to a specific timezone in the advanced settings, just search for timezone.
What you need to make sure is that you are ingesting the date and time fields correctly.
For example, if you have the time:
If you are in a timezone of UTC+5 (GMT+5) and you have the local time: 2021-09-06 09:10:15, this time in UTC would be 2021-09-06 04:10:15, since the date/time string doesn't have any timezone information, you can't simply ingest as 20210-09-06 09:10:15, as elasticsearch will assume that this is the UTC time and when you visualize it in Kibana it will again convert to your local time adding +5 hours.
When ingesting you need to have your time converted to UTC before or you need to add timezone information to your date/time string, how to do that will depending on how you are ingesting your data.
Can you provide more information about how you are ingesting your data?
I have ReceivedOn field and I have targeted timestamp with this field in logstash like that
date{
match=>["ReceivedOn", "MM/dd/yyyy HH:mm:ss a"]
target => "@timestamp"
}
This time goes back to 12 hours.
What is the value of the field ReceivedOn ? In which timezone is the value generated? Share an example of the date.
As I said if your date doesn't have a timezone in the format, you need to set it during ingestion, in logstash you can do that adding the option timezone => "-XXXX" which the difference from UTC, for example timezone => "+0500", this tell logstash that the value of the field in the date filter is on the timezone UTC+5, so it will correctly convert to UTC.
"ReceivedOn":"9/6/2021 4:00:32 PM"
My timezone is GMT+5
And Default timezone is Browser
Try to use the following date filter, this will tell logstash that your date is in the UTC + 5 timezone.
Also, you don't need to set the target option if you want to store the result of the date filter in the @timestamp field, this is the default behaviour.
date{
match=>["ReceivedOn", "MM/dd/yyyy HH:mm:ss a"]
timezone => "+0500"
}
I think it is getting confused with AM/PM, still graph showing 12hour difference, 6PM gives me 6AM.
"ReceivedOn":"9/6/2021 6:00:00 PM", I have given this date and graphs on 6AM
Oh, I see.
You can't use HH if you have AM/PM format set.
As you can see in the joda-time documentation, H is used for the hour of day (0-23) and h is used to hour of halfday (1-12), which is your case.
Try to change HH to hh.
Thank You so much Sir for your precious time.
You saved by life. 
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.