I'm in the process of trying to configure Functionbeat (following the release of ELK 6.7) to ship RDS alert logs, via cloudwatch logs, to my ELK stack.
I have successfully created the S3 bucket and deployed the function to cloudwatch - there is now a 'cloudwatch' subscription on the log group in the Cloudwatch console so I assume everything on that front is working as it should.
I am now trying to run Functionbeat and obtain my first index but am seeing the following error (when running './functionbeat run'):
2019-03-28T15:44:23.277Z INFO instance/beat.go:412 functionbeat stopped. 2019-03-28T15:44:23.277Z ERROR instance/beat.go:907 Exiting: error when creating the functions, error: no function are enabled for selected provider: 'aws' Exiting: error when creating the functions, error: no function are enabled for selected provider: 'aws'
My functionbeat.yml file looks like this (stripped down to everything uncommented):
functionbeat.provider.aws.deploy_bucket: "functionbeat-logs" functionbeat.provider.aws.functions: - name: cloudwatch enabled: true type: cloudwatch_logs description: "lambda function for cloudwatch logs" - log_group_name: /aws/rds/instance/production-db/alert # filter_pattern: mylog_ #-------------------------- Elasticsearch output ------------------------------ output.elasticsearch: hosts: ["localhost:9200"]
It seems to me like I am either misunderstanding the command to run the Beat (I have also tried ./functionbeat -e) or the config file thinks that 'enabled: true' is somehow set to false?
I am also seeing the following entry when functionbeat is initialising:
2019-03-28T17:02:50.118Z INFO [functionbeat] beater/functionbeat.go:92 Functionbeat is configuring enabled functions:
The fact that there are no functions listed tells me it's not picking up my 'cloudwatch' function, even though it has been successfully deployed and enabled:true is set.
Many thanks in advance! Any help is greatly appreciated.