One of our analysts noticed that when you generate a report in Kibana (v. 6.5.4, the resulting CSV changes all timestamps to EST time rather than using the time zone configured in dateFormat:tz (currently set to UTC). I was able to reproduce this problem by creating a saved search and exporting it as a CSV. The saved report timestamps are correct and match the timestamps in the raw message, while the timestamps in the generated CSV are off by 6 hours.
Any ideas about what might be causing this?
The @timestamp field is by definition UTC but Kibana is supposed to adjust it to the browser's time zone.
-Rashmi
Am checking this behavior on latest 6.6.0 and will keep you posted.
Rashmi
As it turns out, Kibana is using the OS timezone when you generate a report rather than using the timezone in advance settings. Elastic support was able to reproduce this issue and has created a bug for it.
As a work around, I set my servers timezone to UTC and rebooted Kibana.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.