Cloudtrail integration in logstash 2.4

vijjun123 · August 3, 2017, 8:19am

Hi All,

Facing issue while creating logstash for cloudtrail integration and data is not flowing to elasticsearch.

Please find the logstash 2.4 config details below.

input{
s3
{
bucket => "sademocloudtrail"
sincedb_path => "/opt/logstash_cloudtrail/sincedb"
temporary_directory => "/opt/temp-cloudtrail_s3_temp"
delete => false
interval => 60 # seconds
prefix => "AWSLogs/066037576108/CloudTrail/"
add_field => { source => "gzfiles" }
codec => cloudtrail {}
}
}
output{
elasticsearch {
hosts => "http://10.3.1.99:9200"
index => "test"
}
stdout {}
}

magnusbaeck · August 6, 2017, 6:54pm

Is Logstash reading the log files at all? Just use a stdout { codec => rubydebug } output until you've verified your inputs and your filters.

system · September 3, 2017, 6:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.