Amazon Web Services Question posted in
The official Amazon Web Services documentation can be found here.

Amazon web services – Fluentd sending wrong time to cloudwatch

In fluentd, a source is syslog and the target is fluent-plugin-cloudwatch-logs plugin. Everything works, only the time is wrong.

<source>
  @type syslog
  <transport tcp>
  </transport>
   <parse>
    message_format auto
    parser_type string
  </parse>
  tag isam
</source>


<match mysyslog>
@type copy
<store>
  @type cloudwatch_logs
  log_group_name /aws/mysyslog
  log_stream_name all
  auto_create_stream true
  region eu-west-1
  include_time_key true
  localtime true
  </store>
  <store>
    @type http
    http_method put
    <format>
     @type single_value
    </format>
    raise_on_error true
</store>
</match>

The timestamp in cloudwatch is correct 2 hours in the future, but the ingestion time is correct.

For example, if I put cloudwatch to local time:

ingestion time: 1719208787499 = June 24, 2024, 05:57:26 AM (UTC).  
timestamp: 1719215985000 = June 24, 2024, 07:57:25 AM
time extracted from message: 2024-06-24T07:59:45+00:00
time in message 2024-06-24T07:59:45+00:00

enter image description here

The only time, that seems correct is the ingestion time. How am I able to manipulate the time correctly, which would be 2 hours in the past?

Tags:

2

Answers


  1. 0

    Do you have the correct time and timezone set on the host from which you are sending logs?

    Login or Signup to reply.
  2. 0

    Try setting the utc true in the source > parse section.
    https://docs.fluentd.org/configuration/parse-section#time-parameters

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search