Kibana 3 and support for timezones #1124
Comments
|
Most users ship @timestamp in UTC, this sounds like some other issue. Kibana sends all time filters to Elasticsearch in UTC, it sounds like you might have a machine with the wrong time set somewhere. |
|
I will check this again but here is an example of what I was seeing. It is 0700 EST time I login to my workstation open the web browser and pull up Kibana At this point it is 1100 UTC time. When I query Kibana it shows me records with timestamps ...0700-400 and any selection back in time from there. When I queried Elasticsearch it returns as expected events that are dated ...1100-400 So the records are there but Kibana doesn't display then with the normal preset (available) dropdown time selectors. Also if I set a custom time range in the future EST time then the records show up on Kibana. No selections unchecking local checkbox help solve this. The bottom line is my workstation is running EST time and sets up the time range based on the time it sees. Logstash is (appropriately) timestamping entries in UTC time the time of the logs on that system. I await your reply/suggestions ... perhaps I am missing something ... Thanks Steven R. Pine P.S. Otherwise Logstash and Kibana as a front end work great. Thanks :) Date: Mon, 7 Apr 2014 11:24:41 -0700 Most users ship @timestamp in UTC, this sounds like some other issue. Kibana sends all time filter to Elasticsearch in UTC, it sounds like you might have a machine with the wrong time set somewhere. — |
|
Again, it really sounds like you have a node that has the wrong time set somewhere. The shipping system you describe is used by every logstash user, the only time we've seen this issue come up is when some machine has the wrong time. I'd check your elasticsearch node first. |
|
Just to make sure I understand what you are saying... I verified all my timestamps for logs coming from systems that are in UTC time are in UTC time. Even though I am bringing up Kibana on a web browser from a worstation that is set to EST time I should be able to say now (lets say again now is 0700 AM EST ) and 6h back and Kibana will display with entries with @timestamps dated 1100AM UTC and back 6 hours (to 0500AM UTC). Steven R. Pine Date: Tue, 8 Apr 2014 15:11:57 -0700 Again, it really sounds like you have a node that has the wrong time set somewhere. The shipping system you describe is used by every logstash user, the only time we've seen this issue come up is when some machine has the wrong time. I'd check your elasticsearch node first. — |
|
Right, Kibana does everything in UTC. Its show you your local time, but in reality all of its interaction with Elasticsearch is in UTC |
|
Ok thanks .... I will check this again to try and see what is going on. Steven R. Pine Date: Tue, 8 Apr 2014 15:25:25 -0700 Right, Kibana does everything in UTC. Its show you your local time, but in reality all of its interaction with Elasticsearch is in UTC — |
|
Replying for actual title of this issue. Please refer #95 (comment) |
|
I checked the Workstation and it is set as it is suppose to as EST time. Date: Tue, 8 Apr 2014 15:11:57 -0700 Again, it really sounds like you have a node that has the wrong time set somewhere. The shipping system you describe is used by every logstash user, the only time we've seen this issue come up is when some machine has the wrong time. I'd check your elasticsearch node first. — |
|
See issue #977. The timepicker custom time range only works in browser time which causes confusion because the histogram and table panels can be configured for UTC. |
|
So I did some more poking around on the systems (after reading a somewhat obsure note in the logstash documentation about the /etc/sysconfig/clock file).
The results of the clock file being set to EST instead of GMT was 2 fold:
Setting the clock file ZONE="GMT" fixed both issue noted above. Something that has this affect might be better included in a caution in the installation documentation than buried in the date filter in the timezone section. I am including this information in the email because I have seen other emails about about logstash creating the index early ...etc. So far you product is turning out to be a greater product and adding a caution about the setting in the system clock file might make the experience of others less confusing when your product expects and uses certain setting on the server. Thanks again for your replies they were very helpful. Steve P. Date: Tue, 8 Apr 2014 15:25:25 -0700 Right, Kibana does everything in UTC. Its show you your local time, but in reality all of its interaction with Elasticsearch is in UTC — |
|
Hi All, Thanks, |
and others
Are there any plans to support @timestamp in UTC time so that when I am on my Workstation (that is in EST time) I can see the most recent logstash entries and not those that are 4 hours or older. The only way I can reach those records is to put in custom date time range and I keep having to change it so that I can keep up with current logs every day. I see two options:
Note: The feature of selecting 1,2,6,12,24 hours ago ...etc is useless when I have to use a custom time to get to the current logs.
Awaiting your reply,
Thanks
Steve P.
The text was updated successfully, but these errors were encountered: