Show event times in the local time zone where the event happened

Hi All,

I'm using the Elastic Stack to analyse application analytics from desktop software. Our application log files contain dates in ISO8601 format, in local time including the offset from UTC. I'm ingesting these via Logstash which of course gives me UTC timestamps that for most of the reporting I want to do will be fine.

However, in Kibana I would like to be able to visualise the local time of day people are using our software, in their local time zone not mine. This is to help us understand work patterns in different parts of the world.

The options I've thought of are to store an additional time field on the documents which is in local time (i.e. add the offset manually when creating the field in Logstash), or add a timezone field in the documents and use a scripted field in Kibana to apply the stored timezone offset.

Does anyone have a recommendation about how to approach this?

Thanks,

J-P

Either of those approaches will probably work fine, but I'd recommend going with the first. If you can control the data ingestion, then it's almost always a better idea to do things like this during ingestion rather than after the fact with scripted fields, because the scripts will have to run on all queries that use the data, rather than simply pulling data from a document.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.