I have net flow data that's DateTime is in local timezone (GMT+10). However when elastic search creates the index it assumes that the data is in UTC, therefore all my times are skewed. Just wondering if there is a way to say to elastic search that the data is in local and not UTC?
The @timestamp is in the correct format and timezone, however the field tm is completely skewed.
ES assumes UTC by default and then Kibana converts to the local browser TZ. If you are using Logstash then you can tell it how to ensure the ES encoded timestamp contains the TZ, otherwise just make sure you pass it in so that ES can handle it appropriately.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.