Hi - I just downloaded and installed the newly-released cloudtrail codec. Command to install was:
./bin/logstash-plugin install logstash-codec-cloudtrail
The only change I made in my .conf file was to go from "json" codec to "cloudtrail" codec in input. The pipeline that was working previously is now broken.
Here are the errors I receive over and over:
20:02:42.044 [[main]<s3] ERROR logstash.pipeline - A plugin had an unrecoverable error. Will restart this plugin. Plugin: <LogStash::Inputs::S3 bucket=>"redacted", access_key_id=>"redacted", secret_access_key=>"redacted", codec=><LogStash::Codecs::CloudTrail id=>"cloudtrail_82d45f40-1490-457e-9407-47d1411e533b", enable_metric=>true, charset=>"UTF-8">, region=>"us-west-2", id=>"redacted", enable_metric=>true, delete=>false, interval=>60, temporary_directory=>"/tmp/logstash">
Operating system: ubuntu 16.04
Elasticsearch version: 5.1.1
Here's my .conf file:
input {
  s3 {
    bucket => 'redacted'
    access_key_id => 'redacted'
    secret_access_key => 'redacted'
    codec => "cloudtrail"
    region => "us-west-2"
  }
}
filter {
  geoip {
    source => "sourceIPAddress"
  }
}
output {
  elasticsearch {
    hosts => "redacted:9243"
    user => "redacted"
    password => "redacted"
    ssl => true
    index => "redacted-%{+YYYY.MM.dd}"
    document_type => "redacted"
  }
}
Any idea what I'm doing wrong?
Thanks in advance!