The logstash host has the time properly configured.
# zdump -v -c 2015,2017 Chile/Continental
Chile/Continental -9223372036854775808 = NULL
Chile/Continental -9223372036854689408 = NULL
Chile/Continental Sun May 15 02:59:59 2016 UTC = Sat May 14 23:59:59 2016 CLST isdst=1 gmtoff=-10800
Chile/Continental Sun May 15 03:00:00 2016 UTC = Sat May 14 23:00:00 2016 CLT isdst=0 gmtoff=-14400
Chile/Continental Sun Aug 14 03:59:59 2016 UTC = Sat Aug 13 23:59:59 2016 CLT isdst=0 gmtoff=-14400
Chile/Continental Sun Aug 14 04:00:00 2016 UTC = Sun Aug 14 01:00:00 2016 CLST isdst=1 gmtoff=-10800
Chile/Continental 9223372036854689407 = NULL
Chile/Continental 9223372036854775807 = NULL
# date
Tue Jun 14 10:52:33 CLT 2016
The java timezone data:
# /usr/java/jdk1.8.0_92/jre/bin/java -jar /opt/elastic/tzupdater.jar -V
tzupdater version 2.0.3-b01
JRE tzdata version: tzdata2016d
tzupdater tool would update with tzdata version: tzdata2015b
I have changed the index to use the received_at field as a workaround but I would like to understand why the @timestamp is off by 1 hour.
Is there something inside the logstash code (a binary perhaps) that is not aware of the current timezones?
Should I fill a bug report?