Wrong Date & Time

jaykumar · August 25, 2016, 12:09pm

Hi All,

I have been struggling to get correct date, time and time stamp in Elasticsearch. I thought Logstash might be messing up things but I don't think so.

RAW LOG:

date=2016-08-15 time=18:13:23

Logstash configuration:

mutate {
	rename => [ "date", "detectiontime" ]
	add_field => { "fraction" => ".000" } # this is just to bring timestamp into standard format of ElasticSearch
	add_field => { "detectiontime" => "%{time}%{fraction}" }
	remove_field => "time"
	remove_field => "fraction"
	add_field => { "detectiontimestamp" => "%{detectiondate}T%{detectiontime}" }
}

stdout

       "detectiondate" => "2016-08-26",
       "detectiontime" => "17:19:32.000",
  "detectiontimestamp" => "2016-08-26T17:19:32.000",

Elasticsearch Template Mapping

"mappings" : {
            "_default_" : {
        "_all" : {"enabled" : false},
        "_source": { "enabled": true },
            "_timestamp": { "enabled": true},
                    "date_detection" : false,
                    "dynamic": true,
        "properties" : {

                                            "detectiondate": {
                                                    "type": "date",
                                                    "format": "strict_date"
                                            },

                                            "detectiontime": {
                                                    "type": "date",
                                                    "format": "strict_hour_minute_second_fraction"
                                            },

                                            "detectiontimestamp" : {
                                                    "type": "date",
                                                    "format": "strict_date_hour_minute_second_fraction"

},

Kibana Display

detectiondate August 25th 2016, 05:30:00.000
detectiontime January 1st 1970, 22:49:32.000
detectiontimestamp August 25th 2016, 22:49:32.000

ElasticSearch JSON

"detectiondate": "2016-08-25",
"detectiontime": "17:19:32.000",
"detectiontimestamp": "2016-08-25T17:19:32.000",

Problem statement:

Why Kibana is showing date in the detectiontime, time in the detectiondate fields?
How Kibana is converting time into some different values?

How do I make Kibana show exact JSON values?

Please help.

Regards,

Jay

warkolm · August 25, 2016, 12:12pm

Why don't you just use a date filter in LS with a pattern that doesn't have milliseconds? It'd save doing all that mutate work.

jaykumar · August 25, 2016, 12:13pm

Thanks for quick response.
I tried that as well but problem is with Kibana showing wrong values.

magnusbaeck · August 25, 2016, 12:25pm

By default Kibana adjusts timestamps to the browser's timezone. This can be disabled in the settings somewhere.

jaykumar · August 25, 2016, 12:27pm

Thank you. Got it, I will find out that settings.

How about showing date in the detectiontime and time in the detectiondate fields whereas both of them doesn't have that information?