Elasticsearch timestamp in UTC but Grafana is interpreting it as EST

Grafana version: 6.6.0
Elasticsearch version: 5.6.16

I’m sure this is some sort of configuration outside of Grafana, but I can’t seem to find where. I have Elasticsearch as my data source which is a Graylog server. If I query Elasticsearch for the items I want, it comes back with a UTC timestamp 2020-03-05 14:38:29.978 which equates to 9:38 AM EST. When I pull that same item into a Grafana table, it shows 2020-03-05 14:38:29.978-05:00 when the dashboard is set to local browser time. If I change the dashboard to UTC, it shows the timestamp as 2020-03-05 19:38:29.978+00:00.

It’s clearly interpreting the UTC timestamp from Elastic as EST, but I don’t know how to fix it. I’m pretty sure it’s not Grafana’s doing, but I don’t know what is causing the wrong timestamp. Does anyone have any thoughts on which piece is either getting or giving the wrong timestamp?

I think I figured it out so I’ll post it in case anyone else is looking in the future. In my Graylog server.conf file, I had root_timezone = "America/New_York". I switched that to UTC and restarted the Graylog-Server service. It did not fix the timestamp format, but it did add a new field on all new messages called winlogbeat_@timestamp which formatted the time as 2020-03-05T14:38:29.978Z. I’m doing mostly Windows logs so I don’t know if this will work for everyone, but it at least works for winlogbeat. Hopefully that helps or at least points someone in the right direction.

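The offset arithmetic behind the values reported in this thread, as an added example that is not part of the original posts: a timestamp string with no zone marker is read once as EST and once as UTC, then rendered the way the dashboard showed it, and compared with the `Z`-suffixed form. The helper names `parse`, `show` and `skew` are hypothetical, and a fixed -05:00 offset stands in for America/New_York (an assumption that holds for 2020-03-05, before US daylight saving time starts).

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Assumption: fixed -05:00 offset in place of America/New_York (valid for 2020-03-05).
EST = timezone(timedelta(hours=-5), "EST")

# Timestamp strings quoted in the thread.
RAW = "2020-03-05 14:38:29.978"        # no zone marker: meaning depends on the reader
EXPLICIT = "2020-03-05T14:38:29.978Z"  # winlogbeat_@timestamp style: unambiguous


def parse(ts, assumed_zone):
    """Parse a timestamp; assumed_zone is applied only when the string has no offset."""
    if ts.endswith("Z"):
        ts = ts[:-1] + "+00:00"  # fromisoformat() accepts 'Z' only on Python 3.11+
    dt = datetime.fromisoformat(ts)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=assumed_zone)
    return dt


def show(dt, display_zone):
    """Render an aware datetime in the dashboard's display zone, millisecond precision."""
    return dt.astimezone(display_zone).isoformat(sep=" ", timespec="milliseconds")


def skew(ts, assumed_zone, true_zone):
    """Error introduced when a zone-less string is read in assumed_zone, not true_zone."""
    return parse(ts, assumed_zone) - parse(ts, true_zone)


if __name__ == "__main__":
    wrong = parse(RAW, EST)       # zone-less value treated as local time
    right = parse(RAW, UTC)       # zone-less value treated as UTC
    fixed = parse(EXPLICIT, EST)  # explicit 'Z' overrides the assumed zone
    print("read as EST, browser time:", show(wrong, EST))
    print("read as EST, UTC view    :", show(wrong, UTC))
    print("read as UTC, browser time:", show(right, EST))
    print("explicit Z, browser time :", show(fixed, EST))
    print("skew:", skew(RAW, EST, UTC))
```

When events from several log sources are correlated, a constant whole-hour skew like this one is the usual signature of a zone-less timestamp being read in the wrong zone somewhere in the pipeline.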