Getting a different @timestamp field in Kibana as a JSON document and in the table

(Shrikant) #1

Hello,

My Filebeat (data server) is in the IST zone and my Elastic timezone is also IST.
When I am parsing the logs, according to my use case, I provided a dynamic mapping to my index, and my dynamic mapping is:

PUT /requestme
{
  "settings": {
    "index": {
      "number_of_shards": 2,
      "number_of_replicas": 0
    }
  },
  "mappings": {
    "doc": {
      "date_detection": true,
      "properties": {
        "created": {
          "type": "date",
          "format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"
        }
      },
      "dynamic_templates": [
        {
          "integers": {
            "match_mapping_type": "long",
            "mapping": {
              "type": "integer"
            }
          }
        },
        {
          "strings": {
            "match_mapping_type": "string",
            "mapping": {
              "type": "keyword"
            }
          }
        }
      ]
    }
  }
}

According to my use case, I have a received field in my logs; I renamed it to a created field and mapped it to the @timestamp field in Logstash:

date {
  match => [ "created", "yyyy-MM-dd HH:mm:ss" ]
  timezone => "UTC"
  target => "@timestamp"
}

Now I am getting a different time for the same log in Kibana as JSON and as a table.

Please find the screenshots below for both.
As you can see, the times for created and @timestamp in the JSON are different compared to the table in both screenshots, and in the JSON the created field time is the real time of the log.

Please help me clear this doubt and solve this issue.

(Divit Sharma) #2

I think it's correct. The JSON is showing you the time in UTC, which is what is stored in Elasticsearch. But the table/Discover view, which is Kibana, converts that UTC time to IST as per your browser timezone.

To confirm this, check that the Discover/table time is 5 hours 30 minutes ahead.
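
An added example (not part of the original thread, and not Logstash or Kibana code) that models the pipeline discussed above in Python: the date filter interprets the zone-less created string in the configured timezone and stores @timestamp in UTC, and the Discover table then converts that instant to the browser time zone. The sample timestamp, the function names and the simplified output formats are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# IST has no daylight saving, so a fixed +05:30 offset is exact.
IST = timezone(timedelta(hours=5, minutes=30), "IST")
ZONES = {"UTC": timezone.utc, "Asia/Kolkata": IST}  # values for the filter's timezone option


def logstash_date(created, filter_timezone):
    """Model of date { match => ["created", "yyyy-MM-dd HH:mm:ss"] timezone => ... }.

    The string carries no zone, so it is read as wall-clock time in
    filter_timezone and the resulting instant is stored as UTC.
    """
    wall_clock = datetime.strptime(created, "%Y-%m-%d %H:%M:%S")
    return wall_clock.replace(tzinfo=ZONES[filter_timezone]).astimezone(timezone.utc)


def json_view(ts):
    """JSON tab: the stored UTC value, unconverted."""
    return ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z"


def table_view(ts, browser_tz=IST):
    """Discover table: the same instant shown in the browser time zone
    (output format simplified for this example)."""
    return ts.astimezone(browser_tz).strftime("%Y-%m-%d %H:%M:%S")


def compare(created):
    """Return {filter timezone: (JSON view, table view)} for one log time."""
    result = {}
    for name in ZONES:
        ts = logstash_date(created, name)
        result[name] = (json_view(ts), table_view(ts))
    return result


if __name__ == "__main__":
    sample = "2018-06-12 14:05:09"  # constructed log time, written by a server in IST
    for name, (as_json, as_table) in compare(sample).items():
        print(f"timezone => {name!r}: JSON {as_json} | table {as_table}")
```

With the filter set to "UTC" the stored value repeats the log's wall-clock time and the table shows it 5 hours 30 minutes later; with "Asia/Kolkata" the stored value is 5 hours 30 minutes earlier and the table shows the original log time.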
