We are injecting data into Elasticsearch from MQs. Both the MQ and Elasticsearch servers are in the same time zone (AST). However, when data is displayed in Kibana, the time zone changes to AST+3 hours.
For instance, the timestamp in the current date is // 2020-03-02T12:36:03.816
But when we see it in Kibana, it shows, // 2020-03-02T15:36:03.816
I do understand there is an option to change the time zone in Kibana through "Advanced Settings". Although making changes in "Advanced Settings" of Kibana helps to show the data as per the required time zone, it fails when we want to set an alert, because "now" and the current timestamp have a difference of 3 hours.
When used without timezone information, Elasticsearch interprets dates as being in UTC. Internally, dates are always converted to the milliseconds since the epoch in UTC. Kibana converts this to the local timezone that the browser uses.
If possible in your application, try sending the original time stamps with a timezone, e.g. 2020-03-02T12:36:03.816+03:00. If the format cannot be changed before being sent to Elasticsearch, it can be fixed-up in e.g. an ingest pipeline. The date processor can use an optional timezone parameter.
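The behaviour described in the answer, as an added example that is not part of the original thread: a pipeline body using the date processor's `timezone` parameter, plus a small Python model of how a zone-less timestamp is read, displayed, and matched against a "now"-relative alert window. The field name `timestamp`, the 5-minute window and the helper functions are assumptions for illustration; the helpers model the interpretation and are not Elasticsearch or Kibana code.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
SOURCE_TZ = timezone(timedelta(hours=3))  # the +03:00 offset used in the answer

# Body for PUT _ingest/pipeline/<name>. The source field name "timestamp" is an
# assumption about the incoming documents; adjust it to the real field.
PIPELINE = {
    "description": "Read zone-less timestamps as +03:00 instead of UTC",
    "processors": [{"date": {
        "field": "timestamp",
        "formats": ["ISO8601"],
        "timezone": "+03:00",
        "target_field": "@timestamp",
    }}],
}


def epoch_millis(ts, assumed_tz=timezone.utc):
    """Epoch millis for an ISO timestamp; zone-less input is read in assumed_tz."""
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=assumed_tz)
    return (dt - EPOCH) // timedelta(milliseconds=1)


def shown_in_browser(ms, browser_tz=SOURCE_TZ):
    """Render stored epoch millis as a browser in browser_tz would display them."""
    dt = (EPOCH + timedelta(milliseconds=ms)).astimezone(browser_tz)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3]


def in_alert_window(ms, now_ms, minutes=5):
    """True if the event lies in [now - minutes, now], like a now-5m range query."""
    return now_ms - minutes * 60_000 <= ms <= now_ms


if __name__ == "__main__":
    raw = "2020-03-02T12:36:03.816"                 # timestamp from the question
    as_utc = epoch_millis(raw)                      # default: treated as UTC
    fixed = epoch_millis(raw, SOURCE_TZ)            # with timezone "+03:00"
    now = epoch_millis("2020-03-02T12:37:00.000", SOURCE_TZ)  # constructed "now"
    print(shown_in_browser(as_utc), in_alert_window(as_utc, now))
    print(shown_in_browser(fixed), in_alert_window(fixed, now))
```

Read as UTC, the event is stored three hours ahead of the real "now", so a range ending at "now" never matches it; with the offset applied at ingest, both the display and the alert window line up.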