How does Kibana's timestamp-based filtering work?

Hello, everyone.

I have a question about filtering data from Elasticsearch based on the UTC timestamp.

The requirement is to display the date and time details in the local time zone after retrieving the data from Elasticsearch in the UTC timezone for today.

The problem here is that it retrieves the data from Elasticsearch for the specified browser timezone when I set the timezone setting with the browser.

We needed filters to retrieve data from Elasticsearch in UTC and display it in the browser's timezone.

Is there any configuration that we are missing?

I have looked at every configuration that could be used, but I have not found the answer I was hoping for. Thank you in advance for your assistance.

All data in Elasticsearch is stored as UTC. If you send a date string to Elasticsearch without specifying the timezone offset, it will assume that the date is in UTC.

The requirement is to display the date and time details in the local time zone after retrieving the data from Elasticsearch in the UTC timezone for today.

The default Kibana time zone is browser timezone.

Check this similar discussion: Timezone issue

Yes, we have three indexes: endpoints, parameters, resources, and resource metadata.
We are examining the resources that are normal, abnormal, and critical zone.
The endpoint index stores the number of abnormal, normal, and critical zones for each parameter.
The parameter index stores the number of abnormal, normal, and critical zones for the resources, while the resource index stores the value, timestamp, and zone.

Here, we are updating the parameters and resource zone count via the backend by fetching the resources for today using the UTC time stamp; it is calculating correctly as expected.

All the details we are showing with the help of a dashboard with today's filter. The endpoint dashboard displays all available endpoint parameters and their zone-specific counts in a tabular format.
The parameter has the same dashboard as before, but it now displays resource information.

For these indexes, I calculated the zone using the UTC timezone.

However, when I drill down to the resource level, the resources do not populate for today, but they do have details for the UTC timezone rather than the local timezone.

I hope you are clear on the scenario, what we are expecting, and the outcome.

Thanks for the detailed explanation. Let's check a couple of things.

  1. The issue can be related to field mapping. Make sure that all your date fields have the date field type.
  2. If all fields are indexed as date, consider adding an ingest pipeline to give the correct time zone during indexing.

If the above doesn't help, please share more details about the issue and give an example of what is expected.

For the timestamp field, we are utilizing the date type with format epoch_second.

The data is being stored in the UTC timestamp.
Additionally, it retrieves the time zone of the browser while filtering.

For example, if we posted the data at 6:40 PM in the IST zone, the timestamp posted in the UTC timezone indicates that it is the next day.

The resources are being rendered between 12 AM and 11:59 PM in the IST browser timezone.

The expected output should be that it filters the data based on UTC timezone only, but when the graph is rendered, the date and time details in the user's browser timezone will be displayed.
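
The two "today" windows this thread is about, as an added example that is not part of any post above: the UTC calendar day the backend counts over versus the browser-timezone day a "today" filter covers, for a date field stored as epoch_second. The field name `timestamp`, the fixed +05:30 offset for IST, the clock time and the three documents are constructed assumptions, and the query body is illustrative, not the request Kibana itself sends.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
IST = timezone(timedelta(hours=5, minutes=30))  # assumption: fixed offset, IST has no DST


def today_window(now, tz):
    """[start, end) of the calendar day containing `now` in `tz`, as epoch seconds."""
    start = now.astimezone(tz).replace(hour=0, minute=0, second=0, microsecond=0)
    return int(start.timestamp()), int((start + timedelta(days=1)).timestamp())


def range_query(field, window):
    """Range query over an epoch_second date field for one day window."""
    gte, lt = window
    return {"range": {field: {"gte": gte, "lt": lt, "format": "epoch_second"}}}


def classify(docs, now, browser_tz):
    """For each document: is it in the UTC day, the browser day, and how it displays."""
    utc_win, local_win = today_window(now, UTC), today_window(now, browser_tz)
    result = {}
    for name, ts in docs.items():
        result[name] = {
            "utc_today": utc_win[0] <= ts < utc_win[1],
            "browser_today": local_win[0] <= ts < local_win[1],
            "shown_as": datetime.fromtimestamp(ts, browser_tz).strftime("%Y-%m-%d %H:%M"),
        }
    return result


# Constructed clock time: 10:00 IST on 2024-03-10 (04:30 UTC the same day).
NOW = datetime(2024, 3, 10, 10, 0, tzinfo=IST)

# Constructed documents, stored as UTC epoch seconds.
DOCS = {
    "late_previous_utc_day": int(datetime(2024, 3, 9, 20, 0, tzinfo=UTC).timestamp()),
    "overlap": int(datetime(2024, 3, 10, 4, 0, tzinfo=UTC).timestamp()),
    "late_current_utc_day": int(datetime(2024, 3, 10, 20, 0, tzinfo=UTC).timestamp()),
}

if __name__ == "__main__":
    print("UTC day query:    ", range_query("timestamp", today_window(NOW, UTC)))
    print("Browser day query:", range_query("timestamp", today_window(NOW, IST)))
    for name, row in classify(DOCS, NOW, IST).items():
        print(name, row)
```

Only documents in the overlap of the two windows appear in both the UTC-day counts and a browser-day view; the two windows are offset by 5 hours 30 minutes.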