I am using Graylog 2.4.5 on my Ubuntu server and I have installed Metricbeat on the same server for monitoring. I am sending data through the Logstash output and the data was received successfully. But when I checked the data in Graylog, I could see there are two timestamp fields showing in the messages.
Also, I have checked the Elasticsearch mapping and I couldn't find the field Timestamp (with capital "T"), and searching is also happening based on the capital T (Timestamp).
I understand that +5.30 hrs is being added to the timestamp value and it is being represented as a new field with capital T (Timestamp). By default the timezone in server.conf is UTC, so I have changed the timezone to Asia/Kolkata in server.conf and restarted it.
Even then, I am still getting the same response in Graylog. Please correct me if my understanding is wrong and let me know how to resolve this issue; it would be helpful.