@timestamp Field Different In ElasticSearch from Index

mfisher · January 7, 2020, 5:12pm

The timestamp changes when viewed in Kibana/Elasticsearch from what is actually indexed.

The log parses and indexes as such

   {
  "_index": "cisco-fmc-000001",
  "_type": "_doc",
  "_id": "vVLsgG8BNS3R70DxVgt7",
  "_version": 1,
  "_score": null,
  "_source": {
    "HTTPReferer": "http://209.99.64.51/",
    "@timestamp": "2020-01-07T10:52:45.000Z",
.................................................
  },
  "fields": {
    "@timestamp": [
      "2020-01-07T10:52:45.000Z"
    ]
  },
  "sort": [
    1578394365000
  ]
}

However when viewing logs in Kibana/Elasticsearch @timestamp changes to a different time 04:52:45.000 effecting searches.

dadoonet · January 7, 2020, 5:25pm

Kibana uses your browser settings to display dates according to your timezone.

mfisher · January 7, 2020, 5:36pm

Ah ok I adjusted the time within logstash back to UTC and that fixed the problem. Thanks!

Topic		Replies	Views
ELK stack - @timestamp issue Logstash	2	432	August 9, 2020
@timestamp and _index question Logstash	7	773	September 23, 2017
@timestamp field in Kibana is different from @timestamp field in index entry Kibana	5	13338	February 22, 2017
Problem with the time in elastic Elasticsearch	10	1733	September 29, 2022
No data when custom timestamp is used for Time-field while adding new index Kibana	4	1375	April 6, 2017

@timestamp Field Different In ElasticSearch from Index

Related topics