Menu
I would like to understand how ES stores date values internally in its indexes. Does it convert to UTC?
I have a field "t" of type date. Here's the mapping:
"t": { "type" : "date" },
Now when I insert/add a document to ES, how does it store in its indexes.
"t" : "1427700477165" (milliseconds generated from Date.now() function). Does ES recognize its epoch time in UTC and stores as is?
"t" : "2015-03-29T23:59:59" (i adjust mapping date format accordingly)- how does ES store this. If it converts to UTC, how does it know what time zone this date is and convert it to UTC? Does ES get the default time zone from the machine its running on?
Thank you!
784
In JSON documents, dates are represented as strings. Elasticsearch uses a set of preconfigured formats to recognize and parse these strings into a long value representing milliseconds-since-the-epoch in UTC.
Elasticsearch will store all the data you put into it by default, so it works both as a search engine and a document store.
If you're running Elasticsearch version 6.5 or newer, you can use the index. default_pipeline settings to create a timestamp field for an index. This can be accomplished by using the Ingest API and creating a pipeline at the time your index is created.
Internally (within an index) Elasticsearch stores all dates as numbers in epoch format - i.e. the number of milliseconds since 01 Jan 1970 00:00:00 GMT.
However Elasticsearch by default also stores your raw JSON posted message as well - so when returning the _source you'll see whatever was posted to Elasticsearch.
To be able to import date strings into the epoch format you need to specify the format in your mapping, for example either a predefined date format:
"t": { "type" : "date", "format" : "basic_date_time" }
for yyyyMMdd'T'HHmmss.SSSZ.
or specify a custom date format:
"t": { "type" : "date", "format" : "YYYY-MM-dd" }
yyyy/MM/dd
HH:mm:ss||yyyy/MM/dd
72
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
