Wrong Date & Time

jaykumar · August 25, 2016, 12:09pm

Hi All,

I have been struggling to get correct date, time and time stamp in Elasticsearch. I thought Logstash might be messing up things but I don't think so.

RAW LOG:

date=2016-08-15 time=18:13:23

Logstash configuration:

mutate {
	rename => [ "date", "detectiontime" ]
	add_field => { "fraction" => ".000" } # this is just to bring timestamp into standard format of ElasticSearch
	add_field => { "detectiontime" => "%{time}%{fraction}" }
	remove_field => "time"
	remove_field => "fraction"
	add_field => { "detectiontimestamp" => "%{detectiondate}T%{detectiontime}" }
}

stdout

       "detectiondate" => "2016-08-26",
       "detectiontime" => "17:19:32.000",
  "detectiontimestamp" => "2016-08-26T17:19:32.000",

Elasticsearch Template Mapping

"mappings" : {
            "_default_" : {
        "_all" : {"enabled" : false},
        "_source": { "enabled": true },
            "_timestamp": { "enabled": true},
                    "date_detection" : false,
                    "dynamic": true,
        "properties" : {

                                            "detectiondate": {
                                                    "type": "date",
                                                    "format": "strict_date"
                                            },

                                            "detectiontime": {
                                                    "type": "date",
                                                    "format": "strict_hour_minute_second_fraction"
                                            },

                                            "detectiontimestamp" : {
                                                    "type": "date",
                                                    "format": "strict_date_hour_minute_second_fraction"

},

Kibana Display

detectiondate August 25th 2016, 05:30:00.000
detectiontime January 1st 1970, 22:49:32.000
detectiontimestamp August 25th 2016, 22:49:32.000

ElasticSearch JSON

"detectiondate": "2016-08-25",
"detectiontime": "17:19:32.000",
"detectiontimestamp": "2016-08-25T17:19:32.000",

Problem statement:

Why Kibana is showing date in the detectiontime, time in the detectiondate fields?
How Kibana is converting time into some different values?

How do I make Kibana show exact JSON values?

Please help.

Regards,

Jay

warkolm · August 25, 2016, 12:12pm

Why don't you just use a date filter in LS with a pattern that doesn't have milliseconds? It'd save doing all that mutate work.

jaykumar · August 25, 2016, 12:13pm

Thanks for quick response.
I tried that as well but problem is with Kibana showing wrong values.

magnusbaeck · August 25, 2016, 12:25pm

By default Kibana adjusts timestamps to the browser's timezone. This can be disabled in the settings somewhere.

jaykumar · August 25, 2016, 12:27pm

Thank you. Got it, I will find out that settings.

How about showing date in the detectiontime and time in the detectiondate fields whereas both of them doesn't have that information?

Topic		Replies	Views
Wrong timestamp in kibana index Elasticsearch	3	447	October 13, 2021
Logstash does not created proper timestamp from field Logstash	23	2158	December 21, 2018
Logstash Date Filter Inquiry Logstash	3	303	December 26, 2018
Kibana not showing data due to timestamp issues Kibana	3	1627	July 6, 2017
Incorrect timestamp Kibana	3	1180	July 6, 2017

Wrong Date & Time

Related topics