Hi All, we could see a time difference between Splunk and AWS logs for the same query (lambda, unique identifier). We observe 3 minutes of time difference between Splunk and AWS logs.
When we executed the query below, we could see some
index="XXX" sourcetype=unify:ticketwork source=*api-gateway-logs-xxxx/ticketwork* "\"activityName\":\"createWorkTicket\"" *INCIDNETNO12144*
| eval delay_sec=_indextime - _time
| timechart span=1d min(delay_sec) avg(delay_sec) max(delay_sec) by host
minimum delay in sec = 21.59
maximum delay in sec = 203.92
avg delay in sec = 112.755
index="XXX" sourcetype=unify:ticketwork source=*api-gateway-logs-xxxx/ticketwork* "\"activityName\":\"createWorkTicket\"" *INCIDNETNO12144*
| eval indexed_time=strftime(_indextime,"%+")
| eval latency=_indextime - _time
| table _time,indexed_time,latency,index,_raw
latency is 203.92 sec
latency is 21.59 sec
Can you guide me on what steps should be considered to start troubleshooting this issue?