Time stamp is wrong

I have a problem with the time stamp I get the date right, but the time is wrong I get like 5 hours in advance, the date is right but I do not know why I get another time of execution, set the time zone in kibana, but I still get the time wrong.

this is the watcher code...
{
"trigger": {
"schedule": {
"interval": "1h"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
"agenteallot*"
],
"rest_total_hits_as_int": true,
"body": {
"size": 0,
"query": {
"bool": {
"filter": {
"range": {
"@timestamp": {
"gte": "{{ctx.trigger.scheduled_time}}||-5m",
"lte": "{{ctx.trigger.scheduled_time}}",
"format": "yyyy-MM-dd HH:mm:ss||basic_time_no_millis"
}
}
}
}
},
"aggs": {
"bucketAgg": {
"field": "monitor.name.keyword",
"query": {
"bool": {
"must": {
"match_all": {}
},
"filter": {
"term": {
"monitor.name.keyword": "01-2-CAV3000006278-DATOS-BKP-2.7G-99.98"
}
}
}
},
"aggs": {
"metricAgg": {
"max": {
"field": "summary.up"
}
}
}
}
}
}
}
}
},
"condition": {
"script": {
"source": "ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; for (int i = 0; i < arr.length; i++) { if (arr[i]['metricAgg'].value >= params.threshold) { return true; } } return false;",
"lang": "painless",
"params": {
"threshold": 0.8
}
}
},
"actions": {
"email_1": {
"email": {
"profile": "standard",
"attach_data": {
"format": "yaml"
},
"to": [
"juan.jaramillo@megadvantage.com",
"victor.vera@megadvantage.com"
],
"subject": "{{ctx.metadata.name}} {{ctx.payload.results}}",
"body": {
"text": """Buen dia, Adjunto registro del reporte.

ALERTA NODO!!! El siguiente enlace perdió la conexión.

Estado: Down🔴

Nombre del Enlace: {{ctx.payload.results}}

Hora: {{ctx.execution_time}}

Área: Networking

Mensaje Alerta: El enlace ha dejado de responder. Responder correo a telecomunicaciones@udistrital.edu.co

Ingrese aquí para más información: https://72dfe17217744236af40cc31b704a664.us-central1.gcp.cloud.es.io:9243/s/distrital/app/uptime#"""
}
}
}
},
"transform": {
"script": {
"source": "HashMap result = new HashMap(); ArrayList arr = ctx.payload.aggregations.bucketAgg.buckets; ArrayList filteredHits = new ArrayList(); for (int i = 0; i < arr.length; i++) { HashMap filteredHit = new HashMap(); filteredHit.key = arr[i].key; filteredHit.value = arr[i]['metricAgg'].value; if (filteredHit.value >= params.threshold) { filteredHits.add(filteredHit); } } result.results = filteredHits; return result;",
"lang": "painless",
"params": {
"threshold": 0.8
}
}
}
}

here is the test when executing the alert the time of execution is wrong

Screenshot 2020-10-13 1414521915×973 70.5 KB

Screenshot 2020-10-13 1407331183×521 9.1 KB

I would be very grateful for your help!!

The timestamp is in UTC.
5 hours? I guess you are around India TZ?

No i'm in colombia

How can I change it to be right in my country? Please, I've been doing this for a long time.

ya, the other way around UTC-5 is Columbia TZ.
Not sure what you are after.
What's your condition? It is not working correctly?

It is like this..
"@timestamp": { "gte": "{{ctx.trigger.scheduled_time}}||-5m", "lte": "{{ctx.trigger.scheduled_time}}", "format": "yyyy-MM-dd HH:mm:ss||basic_time_no_millis"

but I don't know why I get the time wrong if I'm supposed to get it from the browser.
How could I fix it? please

You get it from elastic, not from the browser.
Is your trigger not working correctly?

Can you explain, why you picked a date format that does not allow to specify a timezone and milliseconds, but pass ctx.trigger.scheduled_time which looks like 2020-10-14T07:51:33.556943Z and thus contains a timezone as well as microseconds? That might be one of the issues here and I amwondering, where the timestamp query part is coming from?

How do I solve it?

if it works but the time stamp is wrong and I don't know how to fix it

If it works, what do you care about the timestamp?
This is coming from the server and it is in UTC timezone.
As long as your logic is working correctly, and trigger is working as expected, dont worry.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.