How do I use the unified CloudWatch agent to troubleshoot log timestamp issues?

2 minute read

I want to use the unified Amazon CloudWatch agent to troubleshoot log timestamp issues.

Short description

The unified CloudWatch agent uses the PutlogEvents API to upload a batch of log events to Amazon CloudWatch Logs. Log events in a batch can't be more than 2 hours in the future and can't be more than 14 days old. Also, log events can't be from earlier than the retention period of the log group.

If you have log timestamp issues, then you might receive an error message that's similar to one of the following:

  • "<timestamp> E! [outputs.cloudwatchlogs] The log entry in (<Log Group Name>/(<Log Stream Name>) with timestamp (<actual log timestamp>) comparing to the current time (<current timestamp> m=+100) is out of accepted time range. Discard the log entry."
  • "<timestamp> W! [outputs.cloudwatchlogs] 1 log events for log '<Log Group Name>/(<Log Stream Name>' are expired."


To troubleshoot these errors, complete the following steps:

  1. Make sure that you use timestamp_format in the unified CloudWatch agent configuration file that specifies the timestamp format.
  2. (Optional) If necessary, remove the timestamp_format from the unified CloudWatch agent configuration file.
  3. Restart the unified CloudWatch agent, and then confirm that the current time is used.

Related information

Why isn't the unified CloudWatch agent pushing log events?

AWS OFFICIALUpdated 3 months ago