Hi, I'm from Santiago de Chile,
I'm inserting data in real time to ElasticSearch, but when I query from Kibana Query or PHP query, I appear with 4 hours.
Check the server where ElasticSearch 7.2.0 runs, it is Centos 7 and it is with the correct time and TimeZone "America/Santiago"
Your help please
Could you share an example (a typical document) of what you mean?
Dear,
I regret that my problem was not understood, but I attach more detailed information:
I have an APM server that runs on the same machine where ElasticSearch is, when I sent data to the APM server, the data appears with 4 hours more.
The computer from where I am sending the information to the APM agent is with the same time and time zone as the APM and ElasticSearch server. TimeZone "America / Santiago"
From a client PC I connect to Kibana by URL to review the data online, but they arrive with 4 more hours.
APM + ElasticSearch server is at the correct time:
Why are the data stored with the time changed in ElasticSearch?
Your help please.
It's because the timestamp is stored in UTC. 19:30 UTC is the same as 15:30 GMT-4 (America/Santiago).
To add onto what @felixbarny said that timestamps for indexed document are stored in UTC (and everything in Elasticsearch are just documents in indexes) but if you navigate to the Discover app or the APM app (or pretty much any app in Kibana) the data will displayed in your local timezone but if you look at the raw document the timestamp will be in UTC, that is how Elasticsearch and Kibana work together.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
