How to specify timezone on elasticsearch?

It says: "Internally, dates are converted to UTC (if the time-zone is specified) and stored as a long number representing milliseconds-since-the-epoch."

What are all possible ways to specify the timezone?

Here:

PUT my-index-000001/_doc/2
{ "date": "2015-01-01T12:10:30Z" }

Z is the timezone here.

I'm sorry, but how does the character 'Z' specify which timezone this date-time belongs to?

In that case Z means UTC.

You can have a look at this:

+01:00[Europe/Paris]

Is another timezone for example

+01:00

This one as well

I see. So the allowed formats are ISO 8601. So are all of them allowed or just the Predefined Formatters in this Java class? And what should have 'allowed me to guess' this is the case from the link I provided first? I'm asking because since this isn't written there it's probably 'obvious' for some reason.

What method are you using to put data in Python? Logstash?

This is what you do in Python. This will not change the time but will add a timezone to the date.
Elastic will change that to UTC and save it. Kibana will convert it back to CST time and show it in the proper timeframe on the graph.

import pytz
datetime_obj_cst = pytz.timezone('America/Chicago').localize(mytime_timestamp)  # mytime_timestamp: a naive datetime

On Logstash you don't have to do anything. It will automatically take the timezone from the system, make it UTC and then save it in ELK. And Kibana will convert it back to CST and show it to you in the proper place.

date {
  match => ["mytime_timestamp", "dd-MMM-yy HH:mm", "ISO8601"]
  target => "mytime_timestamp"
}

But if you still want to add a timezone:
date {
  match => ["mytime_timestamp", "dd-MMM-yy HH:mm", "ISO8601"]
  timezone => "America/Chicago"
  target => "mytime_timestamp"
}

Please try to understand how it is saved in elk and how you retrieve it.
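An added example, not part of any post in this thread: a client-side sketch of the conversion the quoted documentation describes, turning timestamps with `Z`, `+01:00`, `+01:00[Europe/Paris]` or no offset at all into UTC milliseconds-since-the-epoch before indexing. It uses the standard-library `zoneinfo` instead of the `pytz` call above; the function names, the `fold` handling for the repeated hour at the end of daylight saving time, and the sample values are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from zoneinfo import ZoneInfo  # stdlib (Python 3.9+), used here in place of pytz

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_epoch_millis(value, assume_zone=None, fold=0):
    """Return UTC milliseconds-since-the-epoch for an ISO 8601 timestamp string.

    assume_zone -- IANA zone name, applied only when the string carries no offset
    fold        -- 0 = first, 1 = second occurrence of a wall-clock time that
                   repeats when daylight saving time ends
    """
    # Drop a "[Europe/Paris]" style zone-id suffix; the numeric offset before it
    # already fixes the instant.
    value = value.split("[", 1)[0]
    # datetime.fromisoformat() before Python 3.11 rejects a trailing "Z".
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        if assume_zone is None:
            # Refuse to guess: a silently assumed zone shifts events by hours.
            raise ValueError("timestamp has no offset and no zone was given: " + value)
        dt = dt.replace(tzinfo=ZoneInfo(assume_zone), fold=fold)
    return (dt - EPOCH) // timedelta(milliseconds=1)

def to_utc_iso(value, assume_zone=None, fold=0):
    """Render the same instant as a UTC string ending in Z."""
    ms = to_epoch_millis(value, assume_zone, fold)
    whole = EPOCH + timedelta(milliseconds=ms)
    return whole.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (ms % 1000)

if __name__ == "__main__":
    # Constructed sample values: the first four name the same instant.
    samples = [
        ("2015-01-01T12:10:30Z", None, 0),
        ("2015-01-01T13:10:30+01:00", None, 0),
        ("2015-01-01T13:10:30+01:00[Europe/Paris]", None, 0),
        ("2015-01-01T06:10:30", "America/Chicago", 0),
        # 01:30 occurs twice on this date in Chicago (clocks go back at 02:00).
        ("2015-11-01T01:30:00", "America/Chicago", 0),
        ("2015-11-01T01:30:00", "America/Chicago", 1),
    ]
    for text, zone, fold in samples:
        print(text, zone, fold, "->", to_epoch_millis(text, zone, fold), to_utc_iso(text, zone, fold))
```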

@elasticforme Thanks for the reply! And good to know that logstash does it automatically with some configuration. But I'm indexing documents from a C# console.

@dadoonet Sorry man, I kept asking and forgot to thank you for your reply. Thanks! Just to make myself clear - my last question was because if it was obvious for some reason, I should know the reason because it will probably also be omitted in other docs of other platforms/frameworks. My guess now is that "virtually every platform uses ISO 8601 for date formats so it can be omitted" - but if that's true I'm not aware of it.
