Elasticsearch query with timezone conversion

I have put a record in ELK.

input
message => '{"submitted_date": "2020-01-14 10:05:11.11"}'

It got saved as UTC, 8 hours earlier (Singapore timezone).

{
    "submitted_date" => 2020-01-14T02:05:11.110Z
}

In Kibana Dev Tools, when I run a search I get this, which is correct.

GET /sachin_quick_test/_search

    {
              "submitted_date" : "2020-01-14T02:05:11.110Z"
    }

Now I want this to display +8 hours, but it still displays the same. How do I fix this?
Am I using the wrong parameter?

GET /sachin_quick_test/_search
    {
     "query": { 
       "range" : { 
         "submitted_date": { 
           "gte": "2020-01-13", 
           "lte": "2020-01-15",
           "time_zone": "+08:00"
          } 
        } 
      } 
    }

Running version 7.5.0.

Anyone?

Is there anything I can do to move the time + or -?
I see a bunch of people have the same question; the same query is listed in the Elastic documents.
Why is it not working?

Read this and specifically the "Also be patient" part.

It's fine to answer on your own thread after 2 or 3 days (not including weekends) if you don't have an answer.

If I understood correctly.

What about giving the right timezone at index time?

If I save with the right timezone, then the result in Kibana is off.

We want to let Elasticsearch and Kibana handle their thing, as all of you mention in other posts,

and retrieve data using time_zone,
because very few people are going to retrieve data using a query.

We have different data from CST/GMT/SGT and many more timezones.
If we convert it during ingestion, we will have to change the timezone in the Kibana settings for everyone as well.

So you want to ingest data as GMT based and see the data with the GMT time from everywhere in the world?

If you index something whose time is 1 AM, you want to see this value as 1 AM even if you're not in the GMT timezone.

Did I understand?

Sorry, I am not able to make it clear.
Let me try again.

I want the date field ingested and converted by Elasticsearch and Kibana as it should be by default (that is, convert everything to UTC, and display it back in Kibana with browser time).
The above is working as designed by ELK.

But currently when I go to Dev Tools and run a query, the date is in UTC,
whereas I would like to convert it to whatever timezone I define in the query, which is not working.

For example, this is the default:

GET /sachin_quick_test/_search
{
 "query": { 
   "range" : { 
     "submitted_date": { 
       "gte": "2020-01-13T00:00:00"
     } 
   } 
 } 
}

The output looks like this:
"submitted_date" : "2020-01-14T02:05:11.110Z",

But I want it to be displayed as 10:05:11.11 (as Perth time SGT, +8 hours, as I am defining time_zone):

GET /sachin_quick_test/_search
{
 "query": { 
   "range" : { 
     "submitted_date": { 
       "time_zone": "+08:00",
       "gte": "2020-01-13T00:00:00"
     } 
   } 
 } 
}

But it still displays the same; no conversion happens.
"submitted_date" : "2020-01-14T02:05:11.110Z",

Shouldn't it add 8 hours to the existing time?

Not when giving back the results. I mean that Elasticsearch always gives you back the document as it has been indexed, with no transformation, if this is what you mean.
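
The behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of what `time_zone` does in a range query (it converts the query's date bounds to UTC and leaves the stored value alone), plus a client-side conversion for display. The helper names and the second timestamp are constructed for illustration, and only fixed offsets such as `+08:00` are handled.

```python
from datetime import datetime, timedelta, timezone

def parse_offset(tz: str) -> timezone:
    """Turn a fixed offset such as '+08:00' into a tzinfo object."""
    sign = -1 if tz[0] == "-" else 1
    hours, minutes = tz[1:].split(":")
    return timezone(sign * timedelta(hours=int(hours), minutes=int(minutes)))

def bound_to_utc(value: str, tz: str) -> datetime:
    """A bound without an offset is read as local time in tz, then moved to UTC."""
    local = datetime.fromisoformat(value).replace(tzinfo=parse_offset(tz))
    return local.astimezone(timezone.utc)

def parse_stored(value: str) -> datetime:
    """Parse the UTC value returned in a hit, e.g. 2020-01-14T02:05:11.110Z."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)

def range_matches(stored: str, gte: str, tz: str = "+00:00") -> bool:
    """Model of the gte test: time_zone shifts the bound, never the document."""
    return parse_stored(stored) >= bound_to_utc(gte, tz)

def display_in_zone(stored: str, tz: str) -> str:
    """Convert a returned UTC value to another offset on the client side."""
    local = parse_stored(stored).astimezone(parse_offset(tz))
    return local.isoformat(timespec="milliseconds")

if __name__ == "__main__":
    hit = "2020-01-14T02:05:11.110Z"    # value from the thread
    early = "2020-01-12T20:00:00.000Z"  # constructed second document
    gte = "2020-01-13T00:00:00"

    # With +08:00 the bound becomes 2020-01-12T16:00:00Z, so `early` matches.
    print(bound_to_utc(gte, "+08:00").isoformat())
    print(range_matches(early, gte), range_matches(early, gte, "+08:00"))
    # The hit itself is unchanged by the query; conversion is done for display.
    print(hit, "->", display_in_zone(hit, "+08:00"))
```
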
