Hello everyone!
I bet its something really basic but I dont want to waste any more time by trying to find the solution myself.
My issue is that in kibana the timestamp is correct and shows the correct time however in the elasticsearch document the timestamp is 2 hours behind.
Where the problem could be?I set the timezone in kibana and elasticsearch too.
Thanks in advance!
When Kibana shows standard timestamps it by default adjusts for the local timezone of the browser. All timestamps in Elasticsearch are in UTC time, so I guess you are in a timezone 2 hours off UTC?
Yeah I read about this and no I checked the browser and it is in the correct timezone and also as I said the browser and kibana shows me the correct time the 2 hours difference is in the elastic document.If I look at the json object of the document the correct time is not even included in the document itself(only the wrong timestamp with the -2 hours difference is included).The time is also correct on the host where the logs are coming from.
What is the timestamp you are seeing in Kibana? What is the timestamp in the JSON document? Which timezone are you in?
Oh I think is just realised what yous answer meant in the first reply.
Is there a way to modify this behaviour(all timestamps are utc by default)?
My goal is to export the logs with logstash and timestamp is a bit off.
Should I manipulate that field after exporting the data?
All timestamps in Elasticsearch must be UTC. There is no way to change that.
If you need it in local timezone you will need to convert it from UTC once you have extracted it.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
