Configuring Splunk Vector to Use Application Timestamps for Log Forwarding in OpenShift Container Platform

Solution Verified - Updated 2025-09-30T18:57:32+00:00 -

Issue

Experiencing difficulties with serialising application events when forwarding logs to splunk.
Desire to utilise the timestamp produced by the application instead of the one added by the logging operator for better event ordering.

Environment

Red Hat OpenShift Container Platform (RHOCP)
- 4
Red Hat OpenShift Logging Operator (RHOL)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2025 Red Hat

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)