logstash, nxlog

Where is EventLog coming from, why is it wrong?


I have Windows eventlogs being sent from nxlog to logstash. My Windows box and my receiving server are in UTC.

NXLog appears to be adding EventTime to the log it ships, and the datetime is 7 hours behind UTC. No explanation, I'm not setting it, and it doesn't match the timezone of either of my VMs or my host VM.

What is this EventTime? Is NXLog creating it? How come it has the wrong timezone or date?


Solution

  • EventTime stores the value of TimeCreated in case of im_msvistalog. When EventTime is converted to a string (e.g. by to_json()) it will be shown in local time.
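
For log correlation on the receiving side, the sketch below is an added example (not part of the original question or answer, and not NXLog or Logstash code). It estimates the sender's UTC offset by comparing the offset-less `EventTime` string with the receiver's UTC `@timestamp`, then rewrites the event time in UTC. The sample event, the `EventTime` string format, and the helper names `infer_offset`, `to_utc` and `normalize` are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: EventTime as a local-time string with no offset
# (assumed format), plus the receiver's own UTC @timestamp.
SAMPLE = json.dumps({
    "EventTime": "2015-03-10 05:00:02",
    "@timestamp": "2015-03-10T12:00:03Z",
    "EventID": 4624,
})

QUARTER = timedelta(minutes=15)   # real UTC offsets are multiples of 15 minutes
MAX_OFFSET = timedelta(hours=14)  # real UTC offsets lie between -12h and +14h


def infer_offset(event_time: str, received_utc: str) -> timedelta:
    """Estimate the sender's UTC offset from a naive EventTime string."""
    naive = datetime.strptime(event_time, "%Y-%m-%d %H:%M:%S")
    received = datetime.strptime(received_utc, "%Y-%m-%dT%H:%M:%SZ")
    # Near-real-time delivery lag is far below 15 minutes, so rounding removes it.
    offset = round((naive - received) / QUARTER) * QUARTER
    if abs(offset) > MAX_OFFSET:
        # Replayed or backlogged events: the gap is lag, not a timezone.
        raise ValueError(f"gap of {offset} is not a plausible UTC offset")
    return offset


def to_utc(event_time: str, offset: timedelta) -> str:
    """Attach the offset to the naive string and return ISO 8601 in UTC."""
    naive = datetime.strptime(event_time, "%Y-%m-%d %H:%M:%S")
    aware = naive.replace(tzinfo=timezone(offset))
    return aware.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def normalize(raw: str) -> dict:
    """Return the event with an explicit UTC time and the inferred offset."""
    event = json.loads(raw)
    offset = infer_offset(event["EventTime"], event["@timestamp"])
    event["EventTimeUTC"] = to_utc(event["EventTime"], offset)
    event["InferredOffsetHours"] = offset / timedelta(hours=1)
    return event


if __name__ == "__main__":
    print(normalize(SAMPLE))
```

The inference only holds for events shipped close to real time; for backlogged or replayed logs, take the offset from the sender's configuration instead.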