Cloudtrail log to Logstash

Abdur_Raqeeb2 · September 9, 2019, 12:44pm

Hi,

I not able to get the index created in elasticsearch for the cloudtrail log parsed from S3.Also im not able to get any Error message on Logstash and Elasticsearch.Logstash gets work fine without throwing any error

Please find my logstash configuration file below and suggest to resolve this

input{
s3 {
bucket => "MYcloudtrail"
delete => false
interval => 60
prefix => "AWSLogs/MY_ACC_ID/CloudTrail/"
type => "cloudtrail"
region=> "ap-southeast-1"
codec => "gzip_lines"
secret_access_key => "MY KEY"
access_key_id => "MY ACCESS KEY"
sincedb_path => "/usr/share/logstash/data/cloudtrail_s3_sincedb"
}
}
output {
   if [type] == "cloudtrail" {

        elasticsearch {
                hosts => ["auditlog-odfe-hot-1.internal.in"]
                user  => "logstash"
                password => "MyPasswd"
                index => "cloudtrailog-%{+YYYY.MM.dd}"
                document_type => "cloudtrail"
        }
   }
}

Abdur_Raqeeb2 · September 10, 2019, 8:43am

Any input will be helpfull !!!!

system · October 8, 2019, 8:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Index not being created in Elastic search - S3 as input - Logstash	5	842	January 29, 2018
Cloudtrail integration in logstash 2.4 Logstash	2	488	September 3, 2017
Logstash with Cloudtrail Logstash	2	1404	March 21, 2017
From CloudTrail S3 SQS to Elastic via Logstash Logstash	1	314	May 25, 2021
Cloudtrail logs parsing with logstash Logstash	2	2048	March 21, 2017

Cloudtrail log to Logstash

Related topics