Kibana overrides original time format from Elasticsearch

Hi,

I have the index below and when I visualise it in Kibana, the log_field.time format is changed. I want to keep it as the original one which is RFC3339. How do I get this sorted? See image at the bottom please. By the way, I am using Fluent-bit to push the logs from K8S node.

Thanks

{
  "took" : 6,
  "timed_out" : false,
  "_shards" : {
    "total" : 1,
    "successful" : 1,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 1,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "dev-logs-8",
        "_type" : "json",
        "_id" : "yKoYN3sBEOe8G5qXyMFs",
        "_score" : 1.0,
        "_source" : {
          "@timestamp" : "2021-08-11T21:22:55.923Z",
          "log" : "{\"level\":\"error\",\"msg\":\"welcome to error page\",\"time\":\"2021-08-11T21:22:55Z\"}\n",
          "stream" : "stderr",
          "time" : "2021-08-11T21:22:55.923110495Z",
          "log_field" : {
            "level" : "error",
            "msg" : "welcome to error page",
            "time" : "2021-08-11T21:22:55Z"
          },
          "kubernetes" : {
            "pod_name" : "api-5b4b8fc569-msnjr",
            "namespace_name" : "dev",
            "pod_id" : "fb99f390-34aa-4e02-882f-42360019b4af",
            "labels" : {
              "app" : "api",
              "pod-template-hash" : "5b4b8fc569"
            },
            "host" : "minikube",
            "container_name" : "golang",
            "docker_id" : "87bfd17861c2e7fb4fffeb3ec8b9b6eb9540f4ac98db68430f6706ac5b74505f",
            "container_hash" : "me/efk@sha256:818f9c1fe6839e9ee47588446c3c7b0a11eecd7f9d029be1deb8b604a44bef96"
          }
        }
      }
    ]
  }
}

All fields that are indexed as the type date are actually stored internally as a long value representing milliseconds since epoch (NOTE: you should be sending all date values in UTC).

What you are seeing is Kibana formatting the date value for display purposes. You can modify this format globally in Kibana's Advanced Settings...

Alternatively you can specify the format on a per field basis in the Index Pattern for the Index...
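The storage-versus-display distinction described in the answer above, as an added Python example that is not part of the original thread: it converts the three timestamps from the question's document to epoch milliseconds and renders one stored value two ways. The function names and the display pattern in `render_display` are constructed for illustration and are not Kibana settings.

```python
import re
from datetime import datetime, timezone

# Timestamps copied from the _source document in the question.
SAMPLES = {
    "@timestamp": "2021-08-11T21:22:55.923Z",
    "time": "2021-08-11T21:22:55.923110495Z",
    "log_field.time": "2021-08-11T21:22:55Z",
}

_RFC3339_UTC = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,9}))?Z$"
)


def to_epoch_millis(value: str) -> int:
    """Parse a UTC RFC3339 string into milliseconds since the epoch,
    dropping any digits finer than a millisecond."""
    m = _RFC3339_UTC.match(value)
    if not m:
        raise ValueError(f"not a UTC RFC3339 timestamp: {value!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    frac = (m.group(7) or "").ljust(9, "0")  # pad fraction to nanoseconds
    whole = datetime(y, mo, d, h, mi, s, tzinfo=timezone.utc)
    return int(whole.timestamp()) * 1000 + int(frac[:3])


def render_rfc3339(millis: int) -> str:
    """Render a stored value as RFC3339, omitting a zero fraction."""
    dt = datetime.fromtimestamp(millis // 1000, tz=timezone.utc)
    base = dt.strftime("%Y-%m-%dT%H:%M:%S")
    ms = millis % 1000
    return f"{base}.{ms:03d}Z" if ms else f"{base}Z"


def render_display(millis: int) -> str:
    """Render the same stored value in a human-oriented style
    (constructed pattern, for illustration only)."""
    dt = datetime.fromtimestamp(millis // 1000, tz=timezone.utc)
    return dt.strftime("%b %d, %Y @ %H:%M:%S") + f".{millis % 1000:03d}"


if __name__ == "__main__":
    for field, raw in SAMPLES.items():
        ms = to_epoch_millis(raw)
        print(f"{field:15} {raw:32} -> {ms} -> {render_rfc3339(ms)} | {render_display(ms)}")
```

Both renderings come from the same stored number, and the nanosecond `time` value and the millisecond `@timestamp` value collapse to one millisecond value, which matters when ordering events that occur within the same millisecond.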
