We are facing a time zone issue which is impacting all our Kibana dashboards and visualizations, as Kibana also uses a query string query with the "now" keyword for the time we choose in the upper right corner.

After drilling down further, I realized that the Elasticsearch field type dateOptionTime stores the timestamp coming in the format "yyyy-MM-ddTHH:mm:ss" in the UTC time zone (this seems to be due to the JODA date-time API being used by Elasticsearch). However, our Elasticsearch clusters are set up on EST time zone machines, so somehow it seems Elasticsearch changes this date-time to time - 5 hours, assuming the time is incoming from UTC time zone machines, and stores the same date-time as UTC time zone (this is one issue). It is impacting Kibana, where it shows all timestamps in the EST time zone by adjusting them by minus 5 hours. So every data timestamp appears as -5 hours in the Kibana output.

To overcome this issue, we changed the Kibana time zone (in the latest version of Kibana) to UTC, so that this timestamp appearance is nullified by +5h and the exact data timestamp is shown on charts. This has resolved our problem to some extent, in that the timestamp appearance is accurate, but with this change we are now facing one weird problem: for all the queries in Kibana which use the "now" identifier in the query string for time matching, this "now" identifier returns the next day after 7PM EST (this is another issue). So wherever we use the Elasticsearch query string query feature with the "now" identifier to indicate the current date & time for the query, the query takes this "now" as the next day after 7PM (i.e. adds 5 hours to the current date).

We would appreciate it if someone could help us here: where should we fix this issue? Or is there any fix for Elasticsearch where some kind of time zone setting can be made to make Elasticsearch understand all data timestamps as EST timestamps, so that it won't change them to -5h and store them as UTC time zone instead of EST?
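
The timestamp handling described in the post, reproduced as an added example that is not part of the original post: Elasticsearch reads a date string that carries no offset as UTC and evaluates `now` in UTC, which yields both the 5-hour display shift and the day rollover at 7PM EST. The function names, the fixed UTC-5 offset standing in for EST, and the sample timestamp are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: a fixed UTC-5 offset stands in for the cluster's EST zone (no DST).
EST = timezone(timedelta(hours=-5), "EST")
UTC = timezone.utc
FMT = "%Y-%m-%dT%H:%M:%S"  # the post's "yyyy-MM-ddTHH:mm:ss", no offset


def stored_instant(text):
    """Index-time view: a date string with no offset is read as UTC."""
    return datetime.strptime(text, FMT).replace(tzinfo=UTC)


def displayed(text, display_tz):
    """What a dashboard shows after converting the stored instant to its zone."""
    return stored_instant(text).astimezone(display_tz).strftime(FMT)


def now_day(est_wall_clock):
    """Calendar day that `now` lands on, since `now` is evaluated in UTC."""
    local = datetime.strptime(est_wall_clock, FMT).replace(tzinfo=EST)
    return local.astimezone(UTC).date().isoformat()


def with_offset(est_wall_clock):
    """Same wall-clock value written with its offset before indexing."""
    local = datetime.strptime(est_wall_clock, FMT).replace(tzinfo=EST)
    return local.isoformat()


def displayed_with_offset(est_wall_clock, display_tz):
    """Display of a value that carried its offset, so the instant is correct."""
    instant = datetime.fromisoformat(with_offset(est_wall_clock))
    return instant.astimezone(display_tz).strftime(FMT)


if __name__ == "__main__":
    sample = "2015-03-02T20:30:00"  # constructed: event logged at 20:30 EST
    print("no offset, shown in EST:", displayed(sample, EST))
    print("no offset, shown in UTC:", displayed(sample, UTC))
    print("day of `now` at 18:59 EST:", now_day("2015-03-02T18:59:59"))
    print("day of `now` at 19:00 EST:", now_day("2015-03-02T19:00:00"))
    print("written with offset:", with_offset(sample))
    print("with offset, shown in EST:", displayed_with_offset(sample, EST))
```

Setting the display zone to UTC hides the shift without correcting the stored instant, so time-range logic built on `now` still disagrees with the data by five hours; writing the offset into the timestamp before indexing removes the disagreement at its source.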