@timestamp Field Different In ElasticSearch from Index

mfisher · January 7, 2020, 5:12pm

The timestamp changes when viewed in Kibana/Elasticsearch from what is actually indexed.

The log parses and indexes as such

   {
  "_index": "cisco-fmc-000001",
  "_type": "_doc",
  "_id": "vVLsgG8BNS3R70DxVgt7",
  "_version": 1,
  "_score": null,
  "_source": {
    "HTTPReferer": "http://209.99.64.51/",
    "@timestamp": "2020-01-07T10:52:45.000Z",
.................................................
  },
  "fields": {
    "@timestamp": [
      "2020-01-07T10:52:45.000Z"
    ]
  },
  "sort": [
    1578394365000
  ]
}

However when viewing logs in Kibana/Elasticsearch @timestamp changes to a different time 04:52:45.000 effecting searches.

dadoonet · January 7, 2020, 5:25pm

Kibana uses your browser settings to display dates according to your timezone.

mfisher · January 7, 2020, 5:36pm

Ah ok I adjusted the time within logstash back to UTC and that fixed the problem. Thanks!

system · February 4, 2020, 5:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
@timestamp in Elasticsearch Elasticsearch	5	1254	March 25, 2019
@timestamp field in Kibana is different from @timestamp field in index entry Kibana	5	13214	February 22, 2017
@timestamp and _index question Logstash	7	701	September 23, 2017
ELK stack - @timestamp issue Logstash	2	384	August 9, 2020
Difference between Timestamp and @timestamp in kibana logs Logstash	4	414	April 4, 2023

@timestamp Field Different In ElasticSearch from Index

Related topics