Kibana showing incorrect timestamp

Hello,

I am having an issue with how Kibana shows timestamps of my documents indexed in Elasticsearch.

I have a document looking like:

```json
{
  "_index": "speedtest",
  "_type": "_doc",
  "_id": "1-nldXwBFYKxSrUSopKs",
  "_version": 1,
  "_score": 1,
  "_source": {
    "timestamp": "2021-10-12T21:05:55.825681",
    "upSpeed": 24.8,
    "downSpeed": 108
  },
  "fields": {
    "upSpeed": [
      24.8
    ],
    "downSpeed": [
      108
    ],
    "timestamp": [
      "2021-10-12T21:05:55.825Z"
    ]
  }
}
```

But Kibana always shows the time with +2 hours (Oct 12, 2021 @ 23:05:55.825). So whenever I use the quick time filters like "last 15 minutes", it shows 2-hour-old data.
I have tried setting dateFormat:tz to Europe/Prague, which shows it with +2 hours. When I change it to GMT+0 it shows the time correctly, but the quick filters still don't work.

I am using Kibana 7.15 and Elasticsearch 7.15.
I tried it on the earlier 7.12 too and had the same behaviour.

Is there something I am missing?

Hello,
When creating an index, you must pay attention to the time field that you choose in the 2nd step: you must choose the logdate, not the indexing time.

I have done a test with this log line, in case you only have to change the timezone:

**2021-10-12T21:05:55.825681|aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa**

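Filter:

```
filter {
  # Extract the leading ISO 8601 timestamp into "logdate";
  # lines that do not match are captured whole into FAILPARSE.
  grok {
    match => {
      "message" => [
        "^%{TIMESTAMP_ISO8601:logdate}\|%{GREEDYDATA}",
        "%{GREEDYDATA:FAILPARSE}"
      ]
    }
  }

  # Parse "logdate", treating an offset-less value as GMT,
  # and store the result in the TIMESTAMP field.
  date {
    match    => [ "logdate", "ISO8601", "yyyy-MM-dd HH:mm:ss.SSSSSS" ]
    timezone => "GMT"
    target   => "TIMESTAMP"
  }
}
```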

Output:

```json
{
  "TIMESTAMP": "2021-10-12T21:05:55.825Z",
  "logdate": "2021-10-12T21:05:55.825681",
  "message": "2021-10-12T21:05:55.825681|aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
}
```
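Added example, not part of either post above: a Python sketch of why an offset-less timestamp ends up two hours off and falls outside a "last 15 minutes" range. It assumes the writer's clock was Europe/Prague local time (UTC+2 on that date); the function names and the "now" value are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the value was written from a clock in Europe/Prague, UTC+2 (CEST) on this date.
SOURCE_TZ = timezone(timedelta(hours=2))
RAW = "2021-10-12T21:05:55.825681"  # offset-less value from the document on this page


def as_indexed(raw):
    """An offset-less date string is read as UTC (see the trailing 'Z' in "fields")."""
    return datetime.fromisoformat(raw).replace(tzinfo=timezone.utc)


def as_displayed(raw, viewer_tz=SOURCE_TZ):
    """What a viewer in viewer_tz sees for the indexed instant."""
    return as_indexed(raw).astimezone(viewer_tz)


def as_intended(raw, source_tz=SOURCE_TZ):
    """Attach the zone the writer actually used, then normalise to UTC."""
    return datetime.fromisoformat(raw).replace(tzinfo=source_tz).astimezone(timezone.utc)


def with_offset(raw, source_tz=SOURCE_TZ):
    """Same wall-clock time with an explicit offset, unambiguous when indexed."""
    return datetime.fromisoformat(raw).replace(tzinfo=source_tz).isoformat()


def in_window(event_utc, now_utc, minutes=15):
    """Equivalent of a relative range: now - minutes <= event <= now."""
    return now_utc - timedelta(minutes=minutes) <= event_utc <= now_utc


def skew(raw, source_tz=SOURCE_TZ):
    """Distance between the indexed instant and the real one."""
    return as_indexed(raw) - as_intended(raw, source_tz)


if __name__ == "__main__":
    # Constructed "now": one minute after the measurement was really taken.
    now = as_intended(RAW) + timedelta(minutes=1)
    print("indexed as  :", as_indexed(RAW).isoformat())
    print("displayed as:", as_displayed(RAW).isoformat())
    print("intended    :", as_intended(RAW).isoformat())
    print("send instead:", with_offset(RAW))
    print("skew        :", skew(RAW))
    print("indexed value in last 15 min :", in_window(as_indexed(RAW), now))
    print("intended value in last 15 min:", in_window(as_intended(RAW), now))
```

Under that assumption the indexed instant lies two hours in the future, so a relative range only reaches the document two hours after it was written.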
