I've seen many people having this same issue but I've not found an answer that has resolved my problem. I know this was a bug in ES 7.5 but I'm using ES 6.8.
I've got logs with dates/times in the format "09/23 14:16:16". I prepend the current year to that to get "2020/09/23 14:16:16". After I index the document, I can perform a search in the Kibana console and verify the date is correct. But, any time I search with 'Discovery' or create a visualization in Kibana, the 'DateTime' field is off by 4hrs. I've went into the 'Advanced Settings' in Kibana and tried both the default 'Browser' setting for the timezone and the actual timezone I'm in but neither has any affect.
I was wrong on the version of Kibana I was running. I was running 6.5.2 but I've now upgraded to 6.6.2 to match my version of ES but the problem with the dates still remains.
I've seen soooooo much information about how to write dates in Elasticsearch that I was simply confused by the shear amount of information. Being inexperienced at Javascript, I also didn't realize I had to convert my date string into an actual date so I had been writing the date string directly into ES. Doing that caused my problem.
My ES date field mapping is simply:
DateTime: {type: "date"}
The REAL resolution was on the Javascript side of the equation:
DateTime = new Date(DateTime);
I'm not sure what the difference is between a string date and an actual date but this one line solved the entire problem.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.