understanding how elasticsearch stores dates internally

Question

I would like to understand how ES stores date values internally in its indexes. Does it convert to UTC?

I have a field "t" of type date. Here's the mapping:

"t": { "type" : "date" },

Now when I insert/add a document to ES, how does it store in its indexes.

1. "t" : "1427700477165" (milliseconds generated from Date.now() function). Does ES recognize its epoch time in UTC and stores as is?

2. "t" : "2015-03-29T23:59:59" (i adjust mapping date format accordingly)- how does ES store this. If it converts to UTC, how does it know what time zone this date is and convert it to UTC? Does ES get the default time zone from the machine its running on?

Thank you!

Answer 1

Internally (within an index) Elasticsearch stores all dates as numbers in epoch format - i.e. the number of milliseconds since 01 Jan 1970 00:00:00 GMT.

However Elasticsearch by default also stores your raw JSON posted message as well - so when returning the _source you'll see whatever was posted to Elasticsearch.

To be able to import date strings into the epoch format you need to specify the format in your mapping, for example either a predefined date format:

"t": { "type" : "date", "format" : "basic_date_time" }

for yyyyMMdd'T'HHmmss.SSSZ.

or specify a custom date format:

"t": { "type" : "date", "format" : "YYYY-MM-dd" }

• If no format is specified, the default date parsing used is ISODateTimeFormat.dateOptionalTimeParser.
• Multiple date formats can be specified in the mapping - e.g. yyyy/MM/dd HH:mm:ss||yyyy/MM/dd
• If no timezone is specified then Elasticsearch assumes UTC