Curl result of a time range query is 8 hours earlier which is not my timezone

Hello all,
I am trying with the below simple search query in Kibana:

    POST /esd-dhcplog*/_search
    {
      "query": {
        "bool": {
          "must": [
            {
              "range": {
                "received_at": {
                  "gte": "2019-07-03 10:00:00",
                  "lte": "2019-07-03 18:00:00",
                  "format": "yyyy-MM-dd HH:mm:ss"
                }
              }
            },
            {
              "match": {
                "clientIP": "10.32.66.28"
              }
            }
          ]
        }
      }
    }

However, it ended up returning a result which is not in UTC+8 (my timezone).
The documents shown in Kibana have the correct time, as I know Kibana does the conversion for me, but the query result is changed back to UTC time, so the result is not correct.
How can I fix this? Also, in the future I will not be using Kibana to curl but a Java app; is it a problem in that situation as well?

Elasticsearch works in UTC. The client is responsible for adjusting times to the local timezone. For Kibana, Kibana does it. For your Java app, the app must do it.

Can I subtract 8 hours in the time range like below?

    "received_at": {
      "gte": "2019-07-03 10:00:00" - 8,
      "lte": "2019-07-03 18:00:00" - 8,
      "format": "yyyy-MM-dd HH:mm:ss"
    }

That is an Elasticsearch question, and you should ask it in that forum.

Hello @mmk1995

Please try to tag your posts correctly; you have marked this one as "logstash" when it's clearly about Elasticsearch, as other users told you.

As you can see at https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-range-query.html#range-query-field-params

You have the parameter "time_zone", which allows you to set the timezone of the query response.

I hope this helps. :slight_smile:
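Added example (not part of the original posts): two ways a client can build the range clause for a UTC+8 window, either sending local times with the range query's `time_zone` parameter or converting the bounds to UTC before sending. `time_zone` affects how the `gte`/`lte` values in the query are interpreted; timestamps in the returned documents come back as stored. The helper names are hypothetical; the field names and values are taken from the query at the top of the thread.

```python
import json
from datetime import datetime, timedelta, timezone

PY_FMT = "%Y-%m-%d %H:%M:%S"     # strptime form of the query's date format
ES_FMT = "yyyy-MM-dd HH:mm:ss"   # "format" value used in the thread's query


def to_utc(local_str, offset):
    """Convert a local wall-clock string at a fixed offset (e.g. "+08:00") to UTC."""
    if offset[:1] not in ("+", "-"):
        raise ValueError("offset must look like +08:00 or -05:30")
    sign = 1 if offset[0] == "+" else -1
    hours, minutes = (int(p) for p in offset[1:].split(":"))
    tz = timezone(sign * timedelta(hours=hours, minutes=minutes))
    local = datetime.strptime(local_str, PY_FMT).replace(tzinfo=tz)
    return local.astimezone(timezone.utc).strftime(PY_FMT)


def range_with_time_zone(field, gte, lte, offset):
    """Option 1: send local bounds; Elasticsearch converts them using time_zone."""
    return {"range": {field: {"gte": gte, "lte": lte,
                              "format": ES_FMT, "time_zone": offset}}}


def range_in_utc(field, gte, lte, offset):
    """Option 2: convert the bounds in the client and send plain UTC values."""
    return {"range": {field: {"gte": to_utc(gte, offset),
                              "lte": to_utc(lte, offset),
                              "format": ES_FMT}}}


def build_search(range_clause, client_ip):
    """Wrap a range clause in the bool/must query from the thread."""
    return {"query": {"bool": {"must": [
        range_clause, {"match": {"clientIP": client_ip}}]}}}


if __name__ == "__main__":
    # Values taken from the original question; offset is the asker's UTC+8.
    args = ("received_at", "2019-07-03 10:00:00", "2019-07-03 18:00:00", "+08:00")
    for clause in (range_with_time_zone(*args), range_in_utc(*args)):
        print(json.dumps(build_search(clause, "10.32.66.28"), indent=2))
```

Both bodies select the same documents; option 2 is what the client-side conversion looks like in any language, including a Java app.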
