Kibana converting timestamp to local timezone

Question

I have set up ELK with FileBeat & I forward logs to elastic search overriding @timestamp field to the time in my log file. Below is the logstash.conf file for that

input {
  beats {
    port => 5044

codec => multiline {
      # Grok pattern names are valid! :)
      pattern => "^%{TIMESTAMP_ISO8601} "
      negate => true
      what => previous
    }
    }
}

filter {
  mutate {
    gsub => ["message", "\n", " "]
  }
  grok {
    match => [ "message", "%{TIMESTAMP_ISO8601:timestamp} \[%{NOTSPACE:uid}\] \[%{NOTSPACE:thread}\] %{LOGLEVEL:loglevel} %{DATA:class}\-%{GREEDYDATA:message}" ]
    overwrite => [ "message" ]
  }
  date {
    match => [ "timestamp" , "yyyy-MM-dd HH:mm:ss" ]
    target => "@timestamp"
    timezone => "UTC+0530"
  }
  if "_grokparsefailure" in [tags] {
            drop { }
  }
}


output {
  elasticsearch { hosts => localhost }
  stdout { codec => rubydebug }
}

In the above , I try to set the timezone of the timestamp to IST using

timezone => "UTC+0530"

But I get the error

Cannot load an invalid configuration {:reason=>"The datetime zone id 'UTC+0530' is not recognised"}

This is needed in order to avoid kibana converting the timestamp to my local timezone as the timestamp is already in local time zone IST.

Can someone tell me how do I set IST timezone for timestamp or set kibana not to convert timestamp to my local timezone ?

Answer 1

From the manual the value of timezone should be "Canonical ID" from Joda-Time: there isn't such UTC+0530 time zone.

Answer 2

Came across the discussion & that has the answer. There is an option in kibana advanced setting to change timestamp timezone from default 'Browser' to your local timezone. https://discuss.elastic.co/t/timezone-utc-00-00-getting-converted-on-kibana-display-to-05-30/38727/2