Hi i running my el;asticsearch and elastalert in docker. Data pass from beat to Elasticsearch. In Elasticsearch the time is stored local time but in elastalert is in UTC time. so when i test rule, i am hitting 0 hit sicne lastalert looking at utc time. is there a way to resolve it?
This is not correct, in Elasticsearch the date and time fields are always stored in UTC and you can't change it.
hi when i check @timestamp, i see my country time. I could not find UTC time
when i check kibana i get local country time
The date is still in UTC, it is Kibana that converts the time for your timezone, the data in elasticsearch is still in UTC.
You can check that, go to Discover and for a document select the JSON tab, you will see that the time is in UTC.
The time in elasticsearch is always in UTC, the conversion to any other timezone is done on the visualization side, Kibana does that for example.
You will need to check if elastalert can do that as always.
thank you
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.