Time difference in kibana

Eran_Mor · May 9, 2018, 6:46pm

Hello,

I have 2 elastic search clusters serving 4 environment. 2 environments are hosted in PST and 2 environments are hosted in Sydney AU time zone.

3 of the environment are pointed to first cluster and 1 to a different cluster.

Somehow the environment that goes to the second cluster is having issues with showing the messages in kibana in the correct time.

The logstash configuration is exactly the same and went over kibana settings and could not locate a problem.

If you can, Please let me know what is wrong in my setup, thank you

bhavyarm · May 9, 2018, 8:16pm

Hi,

By default Kibana chooses to display the data in the timezone detected by your browser. This setting is in advanced settings:

We also have this weird issue : https://github.com/elastic/kibana/issues/17848

So can you please check whats the local browser timezone and change if necessary and then see if it works?

Thanks,
Bhavya

Eran_Mor · May 9, 2018, 8:18pm

Thank you for replying,

I am still having this weird issue after changing to UTC. Could it be connected to my logstash configuration?

bhavyarm · May 9, 2018, 8:55pm

Hi,

I am a bit confused. Does Kibana display the data from second cluster but in the wrong time zone or it shows nothing? Can you check if you have data in your second cluster? : http://localhost:9200/_cat/indices

Thanks,
Bhavya

Eran_Mor · May 9, 2018, 8:57pm

It shows all the logs but in a different timezone, in order to watch the recent logs, I need to search the future. I am in -8 TZ but my logs are coming from +10 TZ.

bhavyarm · May 9, 2018, 9:29pm

@thomasneirynck?

Thanks,
Bhavya

thomasneirynck · May 10, 2018, 12:17am

Can you check if your raw data is indexed correctly? If you do a _search on that index (don't use Kibana-visualize, just use the dev-console or command line) in the 2nd cluster, what timezone is your data in?

Kibana-Visualize will end a timezone in the query. You can open the spy-panel and check the raw query that Kibana is sending for a visualization. Is the timezone correctly configured there?

Eran_Mor · May 11, 2018, 11:37pm

My clusters are hosted with Elastic Search, can I reach the data you mentioned above in this case?

Thank you

Eran_Mor · May 14, 2018, 6:36pm

A bit more context to this issue, the logstash hosts in Sydney are configured to use PDT timezone

logstash:~$ date
Mon May 14 11:33:37 PDT 2018

In Kibana upload time is correct but @timestamp is 10 hours into the future.

},
"prospector": {
"type": "log"
},
"type": "iis",
"Log": "{"Action":"open","Audit":"open-log-on-page","EventTimeUTC":"2018-05-14T18:28:44.9252558Z","UserName":"UnknownUser","Url":"/account/logon","UrlReferrer":""}",
"source": "d:\logs\audits\Legacy-Portal_2018-05-15_audit.log",
"@timestamp": "2018-05-15T04:28:44.925Z"
},
"fields": {
"upload_time": [
"2018-05-14T18:28:45.241Z"
],
"@timestamp": [
"2018-05-15T04:28:44.925Z"
]
},
"sort": [
1526358524925
]
}

Does this clear the picture?

Eran_Mor · May 14, 2018, 8:07pm

Checked all my settings but cannot find any reason why does my time chart under 'Discover' looks like the image I sent initially, any help will be appreciated.

system · June 11, 2018, 8:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.