Archive

aws cloudwatch-log-processor isnt sending the correct time

New Member

the default value is "item.timestamp", this send splunk the timestamp of the cloudwatch log, and not the eventTime. i have tried replacing it with "parsed.eventTime" "payload.eventTime" etc, all result in failure to send logs. what is the correct object to get eventTime as the logtime

Tags (2)
0 Karma