How do I use the unified CloudWatch agent to resolve log timestamp errors?
2 minute read
0
I want to use the unified Amazon CloudWatch agent to resolve log timestamp errors.
Short description
The unified CloudWatch agent uses the PutlogEvents API to upload a batch of log events to Amazon CloudWatch Logs. CloudWatch won't accept log events in a batch that are more than 2 hours in the future or more than 14 days old. Also, CloudWatch won't accept log events that occur before the log group's retention period.
When log timestamps are outside the acceptable time range, then you might receive an error message that's similar to one of the following:
- "<timestamp> E! [outputs.cloudwatchlogs] The log entry in (<Log Group Name>/(<Log Stream Name>) with timestamp (<actual log timestamp>) comparing to the current time (<current timestamp> m=+100) is out of accepted time range. Discard the log entry."
- "<timestamp> W! [outputs.cloudwatchlogs] 1 log events for log '<Log Group Name>/(<Log Stream Name>' are expired."
Resolution
To resolve the error, complete the following steps:
- Add timestamp_format in the unified CloudWatch agent configuration file to specify the timestamp format. If a single log entry contains two timestamps that match the format, then CloudWatch uses the first time stamp.
- (Optional) Remove the timestamp_format from the unified CloudWatch agent configuration file.
Note: If you omit this field, then CloudWatch uses the current time. - Restart the unified CloudWatch agent, and then verify that CloudWatch uses the the current time.
Related information
How do I resolve my unified CloudWatch agent not pushing log events?
- Language
- English
AWS OFFICIALUpdated 6 months ago
No comments
Relevant content
- asked 3 years ago
- AWS OFFICIALUpdated 4 months ago