I am using ELK 6.4.1.
I am indexing a date field ExecutionDate. The filter block in the Logstash config file looks like this:
date {
  match => ["ExecutionDate", "ISO8601", "dd/MM/yyyy HH:mm:ss.SSS"]
  target => "ExecutionDate"
  locale => "en"
}
In Kibana, under Dev Tools, when I run GET /<index_name>/_search, I get the following:
"_source": {
  "host": "demo-mks",
  "message": "23/08/2018 08:35:21.919,1,QA_MVA1_test_model.usp,PCA,data2\r",
  "@timestamp": "2018-09-30T10:16:22.801Z",
  "@version": "1",
  "path": "/opt/elastic/elasticsearch/Data/stat_data_4950.csv",
  "Pass": true,
  "ActiveDCP": "data2",
  "ExecutionDate": "2018-08-23T08:35:21.919Z",
  "ModelName": "QA_MVA1_test_model.usp",
  "ModelType": "PCA"
}
In Kibana, under the Discover tab, I see that the ExecutionDate is shown with a difference of +5.5 hours (for 08:35am, it is showing as 14:05).
The document contains the raw data that has been indexed. These are all in UTC timezone. When Kibana shows results, it will however adjust this to the local timezone, which I assume is 5.5 hours off UTC in your case.
Thanks. Is there any way to turn off the timezone conversion feature in Kibana?
I believe one workaround is if I can index this data as a string. But for doing date histogram or date range aggregations, I need this column as a date type. Is there any way I can show the raw data as it is, as a date field, in Kibana?
You can set the timezone used to UTC through dateFormat:tz under the advanced settings section. The raw data in Elasticsearch must however be in UTC timezone.
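The arithmetic behind the thread, as an added example that is not code from any of the posters or from Elastic: it reproduces the stored value and the Discover rendering for the document above, and compares switching dateFormat:tz to UTC with parsing the value in its source zone at ingest. The function names are hypothetical, the +5:30 offset is taken from the 5.5 hour difference reported above, and the last case assumes the CSV timestamps were written in that local time, which the thread does not state.

```python
from datetime import datetime, timedelta, timezone

# The date filter pattern "dd/MM/yyyy HH:mm:ss.SSS", written for strptime.
PATTERN = "%d/%m/%Y %H:%M:%S.%f"
UTC = timezone.utc
# Assumption: the viewer's browser is 5.5 hours ahead of UTC, as reported in the thread.
LOCAL = timezone(timedelta(hours=5, minutes=30))


def index_value(raw, source_tz):
    """UTC string stored in _source when the zone-less raw value is read as wall-clock time in source_tz."""
    naive = datetime.strptime(raw, PATTERN)
    stored = naive.replace(tzinfo=source_tz).astimezone(UTC)
    millis = stored.microsecond // 1000
    return stored.strftime("%Y-%m-%dT%H:%M:%S.") + f"{millis:03d}Z"


def discover_value(stored, display_tz):
    """Wall-clock time shown for a stored UTC value when rendered in display_tz."""
    instant = datetime.strptime(stored, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=UTC)
    return instant.astimezone(display_tz).strftime("%Y-%m-%d %H:%M:%S")


def scenarios(raw):
    """Return (stored value, Discover rendering) for the three cases discussed."""
    as_utc = index_value(raw, UTC)      # what the thread's _source shows
    as_local = index_value(raw, LOCAL)  # assumed: source clock was local time
    return {
        "thread: read as UTC, browser zone": (as_utc, discover_value(as_utc, LOCAL)),
        "dateFormat:tz = UTC": (as_utc, discover_value(as_utc, UTC)),
        "read in source zone, browser zone": (as_local, discover_value(as_local, LOCAL)),
    }


if __name__ == "__main__":
    # Constructed from the "message" field of the document in the question.
    for case, (stored, shown) in scenarios("23/08/2018 08:35:21.919").items():
        print(f"{case:36} stored={stored} shown={shown}")
```

The second and third cases both display 08:35:21, but they store instants 5.5 hours apart, which matters when these events are correlated with other UTC-indexed logs.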