I use promtail to scrape my systemd journal and send it to a Grafana Loki server. My problem is that on busy systems the timestamp is quite a bit off (between the timestamp shown in the journal on the host and the timestamp shown in Grafana/Loki).
"The timestamp stage is an action stage that can change the timestamp of a log line before it is sent to Loki. When a timestamp stage is not present, the timestamp of a log line defaults to the time when the log entry is scraped." — Loki Docs
For file-based logs parsed with static config (e.g. nginx logs) I solved this by parsing the timestamp from the log entry and setting it via the timestamp stage. But I have no idea how to get the timestamp from the journal scraper.
Looking at the man page for journal fields I tried to use SYSLOG_TIMESTAMP and _SOURCE_REALTIME_TIMESTAMP as sources for the timestamp, but they do not seem to be available to promtail (I'm stuck on CentOS 7 with systemd 219).