When ingesting logs from S3 using the ingestion lambda, the logs are grouped and published to S3 every 5-10 minutes. The newrelic lambda is ingesting the logs when the object appears in S3, but the timestamp it applies to each record is the ingestion timestamp. Each log entry has an actual timestamp that whilst ingested, is not used as the primary timestamp.
If I was using logstash I could specify which field contains the correct timestamp.
How can I do this in New Relic Logs without using Logstash in the middle?
New Relic Edit
- I want this too
- I have more info to share (reply below)
- I have a solution for this
We take feature ideas seriously and our product managers review every one when plotting their roadmaps. However, there is no guarantee this feature will be implemented. This post ensures the idea is put on the table and discussed though. So please vote and share your extra details with our team.