Timestamp_options

Is there a way to set the timestamp to report for a specific time zone and not UTC when setting up a watcher?

"range" : {
  "@timestamp" : {
    "gte" : "now-1m"
  }
}
I would love to have something like this:
"time_zone": "America/Chicago"

Here is my input:
"input" : {
  "search" : {
    "request" : {
      "search_type" : "query_then_fetch",
      "indices" : [
        "windows-*"
      ],
      "rest_total_hits_as_int" : true,
      "body" : {
        "query" : {
          "bool" : {
            "must" : [
              {
                "query_string" : {
                  "query" : "winlog.event_id: xxx"
                }
              },
              {
                "range" : {
                  "@timestamp" : {
                    "gte" : "now-1m"
                  }
                }
              }
            ]
          }
        },
        "_source" : [
          "message",
          "agent.hostname",
          "event.created",
          "winlog.event_id"
        ],
        "sort" : [
          {
            "@timestamp" : {
              "order" : "desc"
            }
          }
        ]
      }
    }
  }
}
