Feature Request
Resolution: Unresolved
Product / Portfolio Work
1. Proposed title of this feature request
Request to add an "@timestamp" item to the JSON format when forwarding ROSA HCP audit logs to CloudWatch
2. What is the nature and description of the request?
1) In ROSA classic, the audit log can be forwarded to CloudWatch by using openshift-logging.
The forwarded record has an "@timestamp" item:
"@timestamp": "2026-02-09T05:08:43.609320874Z",
"annotations": {
"authorization.k8s.io/decision": "allow",
.......
},
"apiVersion": "audit.k8s.io/v1",
"auditID": "xxxxxxxx",
"hostname": "ip-xxx-xxx-xxx-xxx.xxxxx.compute.internal",
"kind": "Event",
"level": "Metadata",
"log_source": "openshiftAPI",
"log_type": "audit",
2) However, for a ROSA HCP cluster, the audit log can currently be forwarded using this solution, which does not use the openshift-logging operator:
https://access.redhat.com/solutions/7002219
This solution does not include the "@timestamp" item.
PS:
For openshift-logging, the code at the link below shows that "@timestamp" exists:
https://github.com/search?q=repo%3Acahartma%2Fcluster-logging-operator%20%40timestamp&type=code
3. Why does the customer need this? (List the business requirements here)
The "@timestamp" item is used by the customer application in the ROSA classic cluster; not having this item affects the customer's migration from ROSA classic to ROSA HCP.
4. List any affected packages or components.
ROSA HCP audit log forwarding
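
Until the forwarded format carries "@timestamp", a log consumer can tolerate both record shapes. The sketch below is an added example, not code from the request, the linked solution, or openshift-logging. It assumes the HCP record is an unmodified audit.k8s.io/v1 Event (which has requestReceivedTimestamp and stageTimestamp); the function names and sample records are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample records (not captured from a real cluster).
CLASSIC = ('{"@timestamp": "2026-02-09T05:08:43.609320874Z", "auditID": "a1",'
           ' "kind": "Event", "log_type": "audit"}')
HCP = ('{"auditID": "b2", "kind": "Event", "level": "Metadata",'
       ' "requestReceivedTimestamp": "2026-02-09T05:08:43.601234Z",'
       ' "stageTimestamp": "2026-02-09T05:08:43.609320Z"}')
BARE = '{"auditID": "c3", "kind": "Event"}'

# Assumption: the HCP record is an unmodified audit.k8s.io/v1 Event, which
# carries these two timestamps. Preferring the request time is this
# example's choice; it may differ slightly from a collector-set "@timestamp".
FALLBACK_FIELDS = ("requestReceivedTimestamp", "stageTimestamp")


def epoch_ms_to_rfc3339(ms):
    """Convert epoch milliseconds to an RFC 3339 UTC string (integer math)."""
    ts = datetime.fromtimestamp(ms // 1000, tz=timezone.utc)
    ts = ts.replace(microsecond=(ms % 1000) * 1000)
    return ts.isoformat(timespec="milliseconds").replace("+00:00", "Z")


def normalize(raw, cloudwatch_ts_ms=None):
    """Return (event, source); source names where "@timestamp" came from.

    cloudwatch_ts_ms is the CloudWatch Logs event timestamp in epoch
    milliseconds, used only as a last resort. source is None when nothing
    usable was found, so the caller can alert instead of guessing.
    """
    event = json.loads(raw)
    if event.get("@timestamp"):
        return event, "@timestamp"
    for field in FALLBACK_FIELDS:
        if event.get(field):
            event["@timestamp"] = event[field]
            return event, field
    if cloudwatch_ts_ms is not None:
        event["@timestamp"] = epoch_ms_to_rfc3339(cloudwatch_ts_ms)
        return event, "cloudwatch"
    return event, None


if __name__ == "__main__":
    for raw in (CLASSIC, HCP, BARE):
        event, source = normalize(raw, cloudwatch_ts_ms=1500)
        print(event["auditID"], source, event["@timestamp"])
```

Recording the source alongside the value lets audit timelines distinguish collector-supplied timestamps from derived ones during the classic-to-HCP migration.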