Elasticsearch time to as in via python (timezone)

I wrote a small Python script where I am reading certain information from Elasticsearch and pushing that back into ELK.

What I want is to keep whatever date-time I get from ELK. I want to push the same as-is back into ELK, but it is converting that to UTC and hence my data are skewed.

For example:
my_date
2020-11-01 success monoexec 116477
2020-11-01 success paraexec 16300

But this my_date becomes 2020-10-31 19:00.00

How do I keep the same date that I received from ELK and put it back into ELK (this is a new index)?

Elasticsearch assumes any date that it receives is in UTC. If the python code doesn't include a timezone, you may want to alter it accordingly.

Yes, I know it is converted back to UTC, but I want to save it as is, i.e. add a timezone.

Any Python guy might know how to do it.

I basically want to add timezone=UTC to the data I get, because when you run a DSL or SQL query against Elasticsearch you get the date in UTC format.

But then when you try to put that back in ELK it moves to local time and the whole date gets changed.

And I am not even worried about the hour. I want the d/m/yy the same as I pulled from ELK to be back in ELK.

For your requirement, define an index pattern for datetime fields, which validates the input data; if the input data matches the date field format, then the data will be inserted as an Elastic document.

OK, it is solved.

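from datetime import datetime
from pytz import timezone  # pytz zones must be attached with localize(), not replace(tzinfo=...)

mytime = "2020-11-01"  # date string as pulled from Elasticsearch
mytime_timestamp = datetime.strptime(mytime, "%Y-%m-%d")
datetime_obj_utc = timezone('Etc/UTC').localize(mytime_timestamp)
datetime_obj_cst = timezone('America/Chicago').localize(mytime_timestamp)

s_achieved = datetime_obj_cst
s_achieved_timezone = datetime_obj_utc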

Now create two index patterns: one with the s_achieved time, the second one with s_achieved_timezone.

For Kibana use the first index pattern.
For SQL queries use the second one.
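
The date shift discussed in this thread, reproduced as an added example (not code from any poster) using only the standard library. It assumes a fixed UTC-5 viewer offset, which is what turns 2020-11-01T00:00Z into the 2020-10-31 19:00 from the question; the sample rows are constructed and the helper names are hypothetical.

```python
from datetime import date, datetime, time, timedelta, timezone

# Constructed sample rows, shaped like the question's example.
ROWS = [
    {"my_date": "2020-11-01", "status": "success", "job": "monoexec", "count": 116477},
    {"my_date": "2020-11-01", "status": "success", "job": "paraexec", "count": 16300},
]

# Assumption: the viewer is on US Central daylight time (UTC-5).
VIEWER_TZ = timezone(timedelta(hours=-5))


def to_utc_midnight(day: str) -> str:
    """Date string -> ISO 8601 instant with an explicit UTC offset."""
    d = date.fromisoformat(day)
    return datetime.combine(d, time.min, tzinfo=timezone.utc).isoformat()


def to_local_midnight(day: str, tz: timezone = VIEWER_TZ) -> str:
    """Date string -> midnight in the viewer's zone, offset included."""
    d = date.fromisoformat(day)
    return datetime.combine(d, time.min, tzinfo=tz).isoformat()


def displayed_day(iso_instant: str, tz: timezone = VIEWER_TZ) -> str:
    """Calendar day a viewer in `tz` sees for a stored instant."""
    return datetime.fromisoformat(iso_instant).astimezone(tz).date().isoformat()


def build_doc(row: dict) -> dict:
    """Copy a row, adding both timestamp variants as separate fields."""
    doc = dict(row)
    doc["s_achieved"] = to_local_midnight(row["my_date"])         # local-time display
    doc["s_achieved_timezone"] = to_utc_midnight(row["my_date"])  # UTC queries
    return doc


if __name__ == "__main__":
    for row in ROWS:
        doc = build_doc(row)
        print(doc["job"],
              "utc field shows as", displayed_day(doc["s_achieved_timezone"]),
              "| local field shows as", displayed_day(doc["s_achieved"]))
```

A fixed offset ignores daylight-saving changes; for real data use a named zone such as America/Chicago, as in the solution above.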
