Incorrect local time in "Time" field in discover tab

Hi,
The Discover tab incorrectly displays the Time field as local time + 03:00. My timezone is +03:00. The result is UTC+6.

In ES element:

  "hits": {
    "total": 1,
    "max_score": 1,
    "hits": [
      {
        "_index": "wl_test",
        "_type": "doc",
        "_id": "0P5W4mIBFyp8pk_kqxjL",
        "_score": 1,
        "_source": {
          "message": "Self-tuning thread pool contains 1 running threads, 400 idle threads, and 56 standby threads",
          "@version": "1",
          "Time": "2018-04-20 12:15:53",
          "Thread": "Timer-2",
          "@timestamp": "2018-04-20T09:15:53.000Z",
          "timestamp": "1524215753.571",
          "source_host": "ip_host",
          "level": "6",
          "SourceMethodName": "log",
          "LoggerName": "WorkManager",
          "host": "hostname",
          "SourceSimpleClassName": "BaseLogger",
          "SourceClassName": "com.bea.logging.BaseLogger",
          "Severity": "Info"
        },
        "fields": {
          "Time": [
            "2018-04-20T12:15:53.000Z"
          ]
        }
      }
    ]
  }
}

Logstash configuration:
input {
  gelf {
    port => "12201"
    type => "gelf"
  }
}
filter {
  mutate {
    gsub => [ "Time", ",\d\d\d\d$", "" ]
    remove_field => [ "facility", "MessageParam0", "MessageParam1", "MessageParam2", "MessageParam3", "MessageParam4", "type" ]
  }
  date {
    match => [ "Time", "yyyy-MM-dd HH:mm:ss" ]
    timezone => "Europe/Moscow"
  }
}
output {
  elasticsearch {
    hosts => ["host1:9200","host2:9200","host3:9200"]
    index => "wl_test"
    manage_template => false
  }
}

Mapping field Time in wl_test index:
"Time": {
  "type": "date",
  "fields": {
    "keyword": {
      "type": "keyword",
      "ignore_above": 256
    }
  },
  "format": "yyyy-MM-dd HH:mm:ss"
}

What is your system timezone? Is the data getting stored in Elasticsearch with the correct values? I see that Time has a value of 2018-04-20 12:15:53 and @timestamp has a value of 2018-04-20T09:15:53.000Z. What is the correct value?

How is Kibana configured to handle time zones? Under Management -> Advanced Settings, what is the value of dateFormat:tz?

  1. System timezone = "Europe/Moscow" (UTC+3)
  2. The correct value is 2018-04-20 12:15:53; this value corresponds to my timezone.
  3. The values in Elasticsearch are correct, but I have a doubt about the doc_values field:
    "fields": {
      "Time": [
        "2018-04-20T12:15:53.000Z"
      ]
    }
    The time is in my timezone but ends with Z (UTC).
  4. The Kibana timezone is set to Browser (this corresponds to my timezone).
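
Added example, not part of the thread and not Elastic's code: a Python model of the three time conversions visible in the posts above, using the document's own values, to show where the extra three hours come from. The function names are hypothetical, the fixed +03:00 offset stands in for Europe/Moscow, and it assumes that a date mapping whose format carries no zone reads the text as UTC, which is what the `fields.Time` value ending in Z shows.

```python
from datetime import datetime, timedelta, timezone

# Constructed from the values posted in the thread.
SOURCE = {"Time": "2018-04-20 12:15:53", "@timestamp": "2018-04-20T09:15:53.000Z"}
LOCAL = timezone(timedelta(hours=3))   # Europe/Moscow as a fixed UTC+3 offset
FMT = "%Y-%m-%d %H:%M:%S"              # strptime form of "yyyy-MM-dd HH:mm:ss"


def logstash_date_filter(text, tz):
    """date filter with `timezone` set: read wall-clock text in tz, store UTC."""
    return datetime.strptime(text, FMT).replace(tzinfo=tz).astimezone(timezone.utc)


def es_date_field(text):
    """Date mapping with a zone-less format: the text is taken to be UTC."""
    return datetime.strptime(text, FMT).replace(tzinfo=timezone.utc)


def kibana_display(instant, display_tz):
    """Discover renders a date field in the display timezone (here: Browser)."""
    return instant.astimezone(display_tz).strftime(FMT)


def field_skew(source, field):
    """Offset between the instant indexed for `field` and @timestamp."""
    ts = datetime.strptime(source["@timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return es_date_field(source[field]) - ts.replace(tzinfo=timezone.utc)


if __name__ == "__main__":
    parsed = logstash_date_filter(SOURCE["Time"], LOCAL)
    indexed = es_date_field(SOURCE["Time"])
    print("@timestamp from date filter:", parsed.isoformat())
    print("Time as indexed by mapping :", indexed.isoformat())
    print("Discover shows @timestamp  :", kibana_display(parsed, LOCAL))
    print("Discover shows Time        :", kibana_display(indexed, LOCAL))
    print("skew Time vs @timestamp    :", field_skew(SOURCE, "Time"))
```

A non-zero `field_skew` on indexed events is a quick check for this kind of double offset before the field is used to order events from several hosts on one timeline.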
