Date formatting yyyy.MM.dd

VeeT · October 9, 2020, 3:26pm

I have a Date input in yyyy.MM.dd format but is getting converted to yyyy.MM.dd HH:mm:ss.ZZZ with the time getting set to "20:00:00.000".

For example, the Date in put is "2020.10.09" but it's getting displayed in Kibana as "Oct 8, 2020 @ 20:00:00.000".

I have the following index mapping for Date:
"Date" : {
"type" : "date",
"ignore_malformed" : false,
"format" : "yyyy.MM.dd||strict_date_optional_time||epoch_millis"
},

We are using ELK 7.6.

How do I keep the date as yyyy.MM.dd in Elasticsearch?

Thanks!
Vee

aaron-nimocks · October 9, 2020, 4:22pm

Not sure where you are seeing the date or how you are looking to use it, but try adjusting the advanced settings and if that gives you what you are looking for.

VeeT · October 9, 2020, 5:16pm

Hi Aaron,
The conversion is happening in Elasticsearch, but I'm viewing in Kibana.

This is the input Date that was sent to Logstash:

This is the output Date that was parsed to display in Kibana:

The goal is to either display Oct 9, 2020 or Oct 9, 2020 00:00:00.000 since there was no time sent as input.

Thanks!
Vee

amorrow · October 9, 2020, 7:26pm

My guess is the date field in the Elasticsearch entry is 2020.10.09 00:00:00.000 UTC. Kibana uses the timezone of your browser to convert the UTC time to your local time. 2020.10.09 00:00:00.000 UTC is 20:00:00 in Easter Daylight time.

Pipelines can set the timezeone for a date field during ingestion. Check out the examples at https://www.elastic.co/guide/en/elasticsearch/reference/current/date-processor.html. When processed the UTC timestamp is offset based on the selected timezone.

VeeT · October 13, 2020, 4:48pm

Thanks Tony.

Do you know if it's possible to just get the date as an input without the timestamp?

amorrow · October 13, 2020, 5:53pm

I do not. I've only worked with logs that contain date-time values. How are you taking your event and breaking it apart to get the date field? Both Logstash and Beats can be used to add a timezone to a date from the event. Maybe you can it there.
Logstash: https://www.elastic.co/guide/en/logstash/current/plugins-filters-date.html#plugins-filters-date-timezone
example:

filter {
    date {
        timezone => "America/New_York"
        match => ["date", "yyyy.MM.dd" ]
    }
}

Filebeat: https://www.elastic.co/guide/en/beats/filebeat/current/add-locale.html

VeeT · October 16, 2020, 3:26pm

Thanks Tony. The data is sent to us with a format of yyyy.MM.dd.

system · November 13, 2020, 3:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Change in Time In elasticsearch and Database Elasticsearch kql-kibana-query-language	4	708	August 18, 2023
Convert Elasticsearch Date/Time field from UTC To Local Time? Elasticsearch	10	18463	October 4, 2021
Kibana can't work with Elasticsearch explicit date format as input Kibana	6	390	July 7, 2023
Why elasticsearch search query (when you inspect)on date is different from kibana query on date? Elasticsearch kql-kibana-query-language	5	326	February 5, 2023
Date Mapping Template Not Being Applied Correctly Elasticsearch	7	204	January 16, 2024

Date formatting yyyy.MM.dd

Related Topics