Hello, I have a filebeat running on the same node as my ELK (single node cluster) and the timestamp shown in discover tab is +4:30 which is same as my timezone.
same problem is in the detection tab (last run is in the future 
) :
-timezone setting is kibana is set to "browser"
-ELK version 7.8
When you say you query via the API, are you using Console or curl?
If so, you need to manually adjust for that in your query, it's not something the API does for you.
I'm using console. but that not my problem. timestamp in kibana is wrong (in the first picture time range is 5 hours from now and i still get results)
Try restarting ELK services.
It happens - Unsynchronized time in Elasticsearch
Might be a product bug 
Hi
So the UTC value of the doc is 2020-09-02T11:01:19.000Z, and since your timezone is +4:30 , what is displayed 2020-09-02T15:31:19.000. Since you're setting Kibana to your browser timezone, this is displayed correctly. You can set the value to UTC then same value would be displayed. Is the persisted timestamp right? could you check the time + timezone on the machine that runs filebeat?
Thx & Best,
Matthias
Hi, sorry for the late reply. the problem was someone in our team changed firewall rules causing problems for NTP setting in the elk machine.
so not a problem from ELK.
Thx for letting us know! great that you managed to fix it! So the machine thought it was in a different timezone :), hope it didn't mind that it was forced to time travel!
Best,
Matthias
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
