@timestamp is 4 hours behind when I change timezone in advanced settings in Kibana and database date field is ok

@timestamp is 4 hours behind when I change the timezone to UTC in Kibana's advanced settings, and the database date field is correct. However, when I set the timezone to browser in Kibana's advanced settings, @timestamp is correct, but the database date field displays as 4 hours ago. Please suggest how to fix this issue. I am using ELK 8.3.0.

Hello,

Please share some evidence of what you are seeing, like some Kibana screenshots showing the time difference.

Also, which timezone are you in? In which timezone are your logs being generated? How are you parsing your logs? Share your Logstash configuration.

What you described is a common issue; it happens when you have logs that are not in UTC and do not have any information about the timezone in which they were generated. In this case you need to inform Logstash during the parsing what the timezone of the logs is.


@Aslam_Ansari

There are three concepts with respect to dates that are core to how Elastic manages dates / timestamps:

  1. All dates are stored as UTC in Elasticsearch. If the timezone is defined as part of the incoming date/timestamp, it will be converted to UTC and stored as UTC.

  2. If an incoming date / timestamp does not have a timezone associated with it, the timezone is assumed to be UTC when stored. This can be a source of mismatched timestamps / confusion.

  3. Dates and timestamps are displayed within Kibana based on the timezone of the browser, not the timezone of the incoming source.

Once you understand these three critical concepts, hopefully that will help you understand what you're seeing.
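The three concepts above, modelled as an added Python example that is not part of the original thread and does not call Elasticsearch or Kibana. The function names, the sample timestamp and the fixed UTC+4 offset standing in for Asia/Dubai are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Assumption: Asia/Dubai modelled as a fixed UTC+4 offset (the zone has no DST).
DUBAI = timezone(timedelta(hours=4), "Asia/Dubai")

def store(value: str, source_tz=None) -> datetime:
    """Model how a date string ends up stored: always as a UTC instant.

    An explicit offset in the string wins (concept 1). A string with no
    offset is read as UTC (concept 2) unless the parser is told source_tz.
    """
    parsed = datetime.fromisoformat(value)
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=source_tz or UTC)
    return parsed.astimezone(UTC)

def display(stored: datetime, viewer_tz) -> str:
    """Model concept 3: the stored UTC instant is rendered in the viewer's zone."""
    return stored.astimezone(viewer_tz).strftime("%Y-%m-%d %H:%M:%S")

def skew_hours(value: str, actual_tz) -> float:
    """Hours by which a zone-less local timestamp is misplaced when read as UTC."""
    wrong = store(value)                       # parser was not told the zone
    right = store(value, source_tz=actual_tz)  # parser was told the zone
    return (wrong - right).total_seconds() / 3600

if __name__ == "__main__":
    # Constructed sample: Dubai wall-clock time with no offset, as a DB might return it.
    db_value = "2023-05-10 14:00:00"
    cases = [("no zone declared", store(db_value)),
             ("zone declared", store(db_value, DUBAI)),
             ("offset in value", store("2023-05-10T14:00:00+04:00"))]
    for label, stored in cases:
        print(f"{label:17} stored={stored.isoformat()} "
              f"utc_view={display(stored, UTC)} dubai_view={display(stored, DUBAI)}")
    print("skew:", skew_hours(db_value, DUBAI), "hours")
```

A zone-less source field and a correctly parsed @timestamp will therefore disagree by the source offset in every Kibana timezone setting, which matters when lining up events from several log sources.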

@leandrojmp Thanks for your support. As we can see in the snap, when I am selecting browser as the time zone, my time zone is Asia/Dubai.

@stephenb Thank you very much for the nice explanation. This means that the date coming from the database needs to be converted to UTC format. In my case, end_date is retrieved from the database.

This is not just a timezone issue; the dates are completely different. It seems that you are not using the date from your logs as the date of your Elasticsearch document.

You didn't share your Logstash configuration as asked; you need to share this to give more insight into what you are doing.

Also, in what timezone is your DB date? You didn't answer this either.


Thank you very much for your assistance. The issue has been resolved; I changed the date format to TO_CHAR(end_date, 'MM-DD-YYYY HH:mm:ss') for the end_date in the select query. Now, both @timestamp and end_date are in sync.
