Elastic search is indexing the events from November 19th 2015, 18:00:00.000 into logstash-2015.11.20.
Could you please let us know why events from previous date are getting indexed into current date?
This is a Logstash problem, ES only indexes what is sent to it.
It'd help if you provided more information, versions, what your config looks like, etc.
Keep in mind that Logstash goes by UTC. So when you're saying Nov 19 at 18:00, what timezone is that? If it's UTC-6 or anything west of that the data is going to be indexed in logstash-2015.11.20.
I am using CST timezone.
I assume you mean Central Standard time (UTC-6) rather than China Standard Time. In that case what you're seeing is the expected behavior.
Yes, that's correct. And also How to set @timestamp timezone? gave me some more information.
Thank you :)