Thanks for the answer. The raw logs received into ES were in my local timezone, but what I think was happening was that ES assumed they were UTC and added +2 hours when storing them, which meant I could not see any data unless I moved the time scale 2 hours forward.
After modifying the manifest.yml file in the panw modules folder to the following, everything seemed to resolve and the logs and timestamps are now correct:
```yaml
- name: convert_timezone
  default: true
```
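An added illustration of the symptom described in the post above (not part of the original post and not Filebeat or Elasticsearch code): a local wall-clock timestamp with no offset, labelled as UTC, lands about two hours in the future and falls outside a "last 15 minutes" query, and a future-dated check surfaces the misparse. The timestamp format, sample events and function names are constructed; only the UTC+2 offset comes from the post.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the device writes local wall-clock time with no offset.
DEVICE_TZ = timezone(timedelta(hours=2))  # UTC+2, the offset reported in the post
RAW_EVENTS = ["2021/06/01 14:00:05", "2021/06/01 14:00:20"]
FMT = "%Y/%m/%d %H:%M:%S"


def parse_as_utc(raw):
    """No conversion: the naive local time is simply labelled UTC."""
    return datetime.strptime(raw, FMT).replace(tzinfo=timezone.utc)


def parse_with_device_tz(raw, tz=DEVICE_TZ):
    """With conversion: attach the device offset, then normalise to UTC."""
    return datetime.strptime(raw, FMT).replace(tzinfo=tz).astimezone(timezone.utc)


def in_window(ts, now, minutes=15):
    """True if ts falls inside a 'last N minutes' query ending at now."""
    return now - timedelta(minutes=minutes) <= ts <= now


def future_skew(ts, ingest_time, tolerance=timedelta(minutes=5)):
    """Return the skew if an event is dated after it was ingested, else None."""
    skew = ts - ingest_time
    return skew if skew > tolerance else None


def summarise(now):
    """Compare both interpretations of every sample event at ingest time 'now'."""
    rows = []
    for raw in RAW_EVENTS:
        wrong, right = parse_as_utc(raw), parse_with_device_tz(raw)
        rows.append({
            "raw": raw,
            "visible_without_conversion": in_window(wrong, now),
            "visible_with_conversion": in_window(right, now),
            "skew_without_conversion": future_skew(wrong, now),
            "skew_with_conversion": future_skew(right, now),
        })
    return rows


if __name__ == "__main__":
    ingest = datetime(2021, 6, 1, 12, 0, 30, tzinfo=timezone.utc)
    for row in summarise(ingest):
        print(row)
```

Events whose stored timestamp is consistently ahead of ingest time by a whole number of hours are a useful signal that a source's timezone is being misinterpreted, which also distorts incident timelines.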