Timestamp entries in cet without time zone are displayed in Kibana as cet +1

jstricker · December 21, 2021, 2:06pm

I have several log files with different timestamp formats. A log file like this:

In the other file like this:

grafik

The timestampe entrys with and with out timezone specification.

With the following component template i format the timestampe.

grafik

The logentry with the timezone in the timestamp are displayd correctly.

grafik

But the logentry without the timezone are displyed one hour off

grafik

In kibana i have the following settings:

What should i have to do that the timestamp without the timezone are displayed corrrectly?

dosant · December 21, 2021, 2:54pm

Internally dates are stored in UTC. When date format contains a timezone Elasticsearch uses it to convert to UTC, but without a timezone it just assumes UTC.

I think you'll have to convert to a UTC timezone or specify your timezone during ingestion, as it won't be possible to fix on index mapping level.

Regarding Kibana advanced setting: this is just a UI formatting configuration. With it you can specify how you want to display dates in Kibana that are stored in UTC in Elasticsearch

Topic		Replies	Views
Timezone issue in Kibana Kibana	3	1434	April 26, 2020
Timezone related issue Elasticsearch	6	295	July 29, 2022
Timestamp isn't Matching from what was imported into Elasticsearch Kibana	5	467	November 16, 2018
Kibana changing date time field while displaying Kibana	4	1961	September 13, 2017
Kibana represents diferente datetime Kibana	5	440	August 16, 2018

Timestamp entries in cet without time zone are displayed in Kibana as cet +1

Related topics