diff --git a/packages/aws/data_stream/lambda_logs/elasticsearch/ingest_pipeline/aws-lambda-json.yml b/packages/aws/data_stream/lambda_logs/elasticsearch/ingest_pipeline/aws-lambda-json.yml
index 30deaa1f2ef..8dcced07660 100644
--- a/packages/aws/data_stream/lambda_logs/elasticsearch/ingest_pipeline/aws-lambda-json.yml
+++ b/packages/aws/data_stream/lambda_logs/elasticsearch/ingest_pipeline/aws-lambda-json.yml
@@ -11,7 +11,7 @@ processors:
 if: "ctx.parsed?.timestamp != null"
 field: parsed.timestamp
 target_field: "@timestamp"
- formats: ["yyyy-MM-dd HH:mm:ss,SSSZ"]
+ formats: ["yyyy-MM-dd HH:mm:ss,SSSZ", "ISO8601"]
 ignore_failure: true
 # 2. Platform report logs (time field)
@@ -43,6 +43,18 @@ processors:
 copy_from: parsed._aws
 ignore_failure: true
+- set:
+ field: aws.lambda.message.log
+ if: "ctx.parsed?.message != null && ctx.parsed?.message instanceof String"
+ copy_from: parsed.message
+ ignore_failure: true
+
+- set:
+ field: aws.lambda.message
+ if: "ctx.parsed?.message != null && ctx.parsed?.message instanceof Map"
+ copy_from: parsed.message
+ ignore_failure: true
+
 - rename:
 field: parsed.service
 target_field: service.name
@@ -231,6 +243,13 @@ processors:
 ignore_failure: true
 if: "ctx['@timestamp'] == null"
+- rename:
+ field: parsed.timestamp
+ target_field: "@timestamp"
+ ignore_missing: true
+ ignore_failure: true
+ if: "ctx['@timestamp'] == null"
+
 - rename:
 field: parsed.errorMessage
 target_field: aws.lambda.error.message
@@ -273,18 +292,6 @@ processors:
 ignore_missing: true
 ignore_failure: true
-- rename:
- field: parsed.time
- target_field: "@timestamp"
- ignore_missing: true
- ignore_failure: true
-
-- rename:
- field: parsed.timestamp
- target_field: "@timestamp"
- ignore_missing: true
- ignore_failure: true
-
 - rename:
 field: parsed.type
 target_field: aws.lambda.event_type
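Review bot: The two `set` processors added at `@@ -43` turn `aws.lambda.message` into an object (either the copied Map or the parent of `.log`), while the fallback at `@@ -417` still writes the `event.original` string into that same field when `ctx.parsed == null`. Unless the data stream's field mapping, which is not visible here, accepts both shapes, one of the two paths will be rejected at index time; `ignore_failure: true` does not help there because the processor itself succeeds, so those events are simply absent from the data stream. The Map branch also copies keys chosen by the function's own log output, so it is worth confirming that the mapping bounds them. Separately, the null test is redundant because `instanceof` is already false for null, so `if: "ctx.parsed?.message instanceof Map"` (and likewise for String) is enough.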
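Review bot: The rename re-added at `@@ -231` moves `parsed.timestamp` into `@timestamp` unparsed, and it only runs when `@timestamp` is still null, which presumably means the `date` processor at `@@ -11` matched neither of its formats. A string that failed both formats is likely to fail the field's date mapping as well, so the event would be rejected at index time rather than kept; because the value comes from the function's log output, one malformed timestamp is enough to lose the record. I would leave `parsed.timestamp` in place in that case, or at least state the intent on the processor with `description: "Fallback: raw parsed.timestamp when no date processor matched"`. The processor directly above this one starts outside the hunk.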
@@ -346,12 +353,6 @@ processors:
 ignore_missing: true
 ignore_failure: true
-- rename:
- field: parsed.timestamp
- target_field: "@timestamp"
- ignore_missing: true
- ignore_failure: true
-
 - rename:
 field: parsed.tracing.xray_trace_id
 target_field: aws.lambda.xray_trace_id
@@ -417,6 +418,7 @@ processors:
 field: aws.lambda.message
 copy_from: event.original
 if: "ctx.parsed == null"
+ ignore_failure: true
 - remove:
 field: parsed
@@ -431,6 +433,7 @@ processors:
 - script:
 description: Drops null/empty values recursively
 lang: painless
+ ignore_failure: true
 source: |
 boolean drop(Object o) {
 if (o == null || o == "") {
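Review bot: `ignore_failure: true` on the fallback `set` at `@@ -417` hides the one case where the raw line could not be preserved, and the same flag added to the `script` at `@@ -431` hides a failed cleanup; in both cases the document is indexed with no sign that a step was skipped. An `on_failure` handler that appends the failure text to `error.message` keeps the pipeline tolerant while leaving something that can be searched and alerted on, and the same handler fits the script processor. The `set` processor begins above its hunk and the script body continues past the end of the last hunk.

```yaml
  if: "ctx.parsed == null"
  on_failure:
    - append:
        field: error.message
        value: '{{{ _ingest.on_failure_message }}}'
```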