Is there a way to set Kibana's default timezone to UTC from the yml file?

reillye · August 6, 2019, 10:12am

We are using Kibana 6.5.4, and have an issue where our data which is timestamped in UTC from our applications, is showing up incorrectly in Kibana. I've found this is because the Kibana settings default to using the browsers timezone, which right now is BST (so an hour ahead of UTC).

We run everything up using Docker, so every time we bring Kibana down and back up, we have to manually change the Kibana timezone setting back to UTC as the setting is lost when the Docker container is destroyed.

Is there away I can configure Kibana to always run in UTC, perhaps by adding to the kibana.yml file, as this file is mounted externally using Docker compose?

christophilus · August 6, 2019, 4:05pm

It's not configurable in that way. It's stored in a document in Elasticsearch, so you'd need to make your data persist across Docker destruction. If you really wanted to, you could create a script that wrote this setting to Elasticsearch when you stand up a new Docker environment. But... it's not supported, so there's no guarantee your script will work across Kibana upgrades, as we may change how we store settings.

Here's a sample config document from my local server, for reference:

  {
    "_index" : ".kibana",
    "_type" : "_doc",
    "_id" : "config:8.0.0",
    "_score" : 1.0,
    "_source" : {
      "config" : {
        "buildNum" : 9007199254740991,
        "dateFormat:tz" : "Africa/Abidjan"
      },
      "type" : "config",
      "updated_at" : "2019-08-06T16:02:05.128Z",
      "references" : [ ]
    }
  },

reillye · August 7, 2019, 9:47am

Thanks for your reply.

We do persist our index data, so we don't have to re-create everything every time we bring containers down. However I've just had a look at my .kibana index, and the structure is different to yours. See a cut down of it below:

{
	".kibana_1" : {
		"aliases" : {
			".kibana" : {}
		}		
	},
	"mappings" : {
		"config" : {
			"dateFormat:tz" : {
				"type" : "text",
				"fields" : {
					"keyword" : {
						"type" : "keyword",
						"ignore_above" : 256
					}
				}
			}
		},
	}    	
}

As you can see the format is different to yours. Am I looking at the correct file? How would I go about updating it to ensure the format is UTC, similar to yours?

christophilus · August 7, 2019, 3:02pm

That looks like it's just the mappings. You want to query the index for documents of type "config".

reillye · August 14, 2019, 3:56pm

Sorry for the delayed response. I'm not sure how to write the query you have suggested.

If I do a GET .kibana/ request it will return the index, and I have manually done a search for "config" but it only turns up the result under the mappings.

Could you explain how I query for specific documents of type "config"? I've tried querying for them using GET .kibana/config but it throws an error saying it is an incorrect request

system · September 11, 2019, 3:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.