I'm using the Elastic Stack to analyse application analytics from desktop software. Our application log files contain dates in ISO8601 format, in local time including the offset from UTC. I'm ingesting these via Logstash which of course gives me UTC timestamps that for most of the reporting I want to do will be fine.
However, in Kibana I would like to be able to visualise the local time of day people are using our software, in their local time zone not mine. This is to help us understand work patterns in different parts of the world.
The options I've thought of are to store an additional time field on the documents which is in local time (i.e. add the offset manually when creating the field in Logstash), or add a timezone field in the documents and use a scripted field in Kibana to apply the stored timezone offset.
Does anyone have a recommendation about how to approach this?