I have an index in Elasticsearch. When I check - using the search API - the oldest timestamp of my data is 2023-01-13 00:00:00 (I previously applied a filter). However, when generating a Data View in Kibana the oldest timestamp displayed in Discover corresponds to 23-01-12 21:00:00 so I have a time shift of 3hrs between the "real" data and the data displayed in Kibana (the data also stops in Kibana three hours before the "real" end).
How can I configure Kibana to show exactly what I see in Elasticsearch? Is there any timezone configuration that I should apply?
Elasticsearch stores all time and date fields in UTC. When Kibana shows the time and date fields, it will by default shift the time according to the browser timezone.
It looks like you are in a timezone of UTC-3, so 2023-01-13 00:00:00 will appear in Kibana as 2023-01-12 21:00:00. This is expected and it is not an issue.
The issue here is: is the time 2023-01-13 00:00:00 in UTC or in UTC-3? If it is in UTC-3, you need to state that while indexing your data; you need to inform Elasticsearch that this time and date string has an offset of 3 hours. This is the correct way to deal with timezone issues.
You can, however, change the default timezone for Kibana and tell it to show the dates in UTC, but this can lead to confusion, as the dates in Kibana will be ahead of your local time.
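The two readings of `2023-01-13 00:00:00` discussed in the answer above, worked through as an added example that is not part of the original posts. It is a plain-Python model of "store as UTC, display in the viewer's timezone", not Elasticsearch or Kibana code; the function names are hypothetical and the UTC-3 offset is the one assumed in the thread.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
UTC_MINUS_3 = timezone(timedelta(hours=-3))  # offset taken from the thread

FMT = "%Y-%m-%d %H:%M:%S"


def with_offset(naive: str, source_tz: timezone) -> str:
    """Attach the source's real offset to a naive timestamp before indexing."""
    return datetime.strptime(naive, FMT).replace(tzinfo=source_tz).isoformat()


def stored_instant(value: str) -> datetime:
    """Model of storage: one UTC instant; a value with no offset is read as UTC."""
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=UTC)
    return dt.astimezone(UTC)


def shown_in(value: str, display_tz: timezone) -> str:
    """Model of display: the stored instant shifted to the viewer's timezone."""
    return stored_instant(value).astimezone(display_tz).strftime(FMT)


def compare(naive: str) -> dict:
    """Both readings of the same naive string, rendered for both viewers."""
    out = {}
    for label, value in (("no offset sent", naive),
                         ("sent as UTC-3", with_offset(naive, UTC_MINUS_3))):
        out[label] = {"indexed": value,
                      "browser UTC-3": shown_in(value, UTC_MINUS_3),
                      "display UTC": shown_in(value, UTC)}
    return out


if __name__ == "__main__":
    for label, row in compare("2023-01-13 00:00:00").items():
        print(label, row)
```

Only the "no offset sent" row reproduces the 21:00:00 value from the question; if the source clock was really UTC-3, the same string is a different instant and shows as 03:00:00 once the display is switched to UTC.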
Thanks for your answer. It was exactly what you said. I solved my problem by changing Kibana's configuration to show the dates in UTC (it makes sense for my use case to show everything in UTC). Thanks.