I've just configured my Windows box to send its event logs (System, Security, Application) to Cloudwatch Logs (https://blogs.aws.amazon.com/application-management/post/Tx1KG4IKXZ94QFK/Using-CloudWatch-Logs-with-Amazon-EC2-Running-Microsoft-Windows-Server). CloudWatch Logs receives the event logs but they don't have timestamp!
It seems we can just set the timestamp for IIS logs, Custom logs, etc., but it's not possible to set the "datetime_format" parameter for Event logs (configuration file: AWS.EC2.Windows.CloudWatch.json), right?!! http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-configuration-cwl.html
If it's right, that's weird!! What can I do with a log record that has no timestamp?!!
Thanks,
If you're viewing your logs from the AWS Management Console you should be able to see the event timestamp by clicking on the "gear icon" from the top right that shows/hides the table columns.
If you're interacting with your log data from the AWS CLI or from the AWS SDK, each log event record should come with a timestamp attribute.