We have a field that includes the date with no timestamp. When it's indexed into elastic it's set to UTC time, so the date displayed is always the previous date. Is there a way to set either a filter to convert the date to the current timezone when being view in kibana?
An example: 5/4/2018
When viewing the message in kibana, it shows at 5/3/2018. We would like to be able to create queries and filter based on the date.
Use a date filter and pass it whatever timezone you are in.
I've added these filters:
date {
match => ["PRD_END_DATE", "M/dd/YYYY"]
timezone => "America/Los_Angeles"
target => "PRD_END_DATE"
}
date {
match => ["PRD_END_DTTM1", "M/dd/YYYY HH:mm:ss"]
timezone => "America/Los_Angeles"
target => "PRD_END_DTTM1"
}
These are the dates in the message:
7/3/2018,7/3/2018 02:59:59,
And these are how it shows in kibana:
|PRD_END_DATE| |July 2nd 2018, 17:00:00.000|
|PRD_END_DTTM1| |July 2nd 2018, 19:59:59.000|OK, those are UTC, which is what elasticsearch stores dates and times as. If, in Kibana, you go to Management in the left navigation, and then go to the Advanced Settings tab, what is dateFormat:tz set to?
The default is browser, which would cause Kibana to adjust those timestamps back to whatever timezone your desktop is in.
That is what I was expecting too, however I've also set the timezone inside of kibana to America/Los_Angeles, and the events all show the same dates/times, as when the timezone was set to browser.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.