Hi need some tips how to debug this:
When I check the grafana KQL query in elastic I get:
But when I see the grafana board:
The interval is the same:
2025-01-01 01:00:00 to 2025-02-01 01:00:00 (Local browser time) (grafana)
Jan 1, 2025 @ 01:00:00.000 to Feb 1, 2025 @ 01:00:00.000 (elastic)
And AFAIK the query looks the same. (Changed source to source.keyword in grafana but no changes)
It is the same timezone as browser timezone?
Timeranges may be different if they are in different timezones.
It used to be fine for months, then suddenly in jan2025 it changed. I found the issue when comparing older months.
29jan we changed from logstash to fluentbit. logstash puts on a @timestamp, while fluentbit uses time.
So changing the grafana datasources to use timeand not @timestampmade numbers almost identical (±100).
Thanks
