Cloudtrail log to Logstash

Abdur_Raqeeb2 · September 9, 2019, 12:44pm

Hi,

I not able to get the index created in elasticsearch for the cloudtrail log parsed from S3.Also im not able to get any Error message on Logstash and Elasticsearch.Logstash gets work fine without throwing any error

Please find my logstash configuration file below and suggest to resolve this

input{
s3 {
bucket => "MYcloudtrail"
delete => false
interval => 60
prefix => "AWSLogs/MY_ACC_ID/CloudTrail/"
type => "cloudtrail"
region=> "ap-southeast-1"
codec => "gzip_lines"
secret_access_key => "MY KEY"
access_key_id => "MY ACCESS KEY"
sincedb_path => "/usr/share/logstash/data/cloudtrail_s3_sincedb"
}
}
output {
   if [type] == "cloudtrail" {

        elasticsearch {
                hosts => ["auditlog-odfe-hot-1.internal.in"]
                user  => "logstash"
                password => "MyPasswd"
                index => "cloudtrailog-%{+YYYY.MM.dd}"
                document_type => "cloudtrail"
        }
   }
}

Abdur_Raqeeb2 · September 10, 2019, 8:43am

Any input will be helpfull !!!!

system · October 8, 2019, 8:43am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash with Cloudtrail Logstash	2	1403	March 21, 2017
From CloudTrail S3 SQS to Elastic via Logstash Logstash	1	314	May 25, 2021
Cloudtrail logs parsing with logstash Logstash	2	2044	March 21, 2017
How to get Cloudtrail data from S3 bucket to elasticsearch Elasticsearch elastic-stack-monitoring	2	226	October 29, 2023
Duplicate logs - logstash-input-s3? Logstash	9	3387	July 6, 2017

Cloudtrail log to Logstash

Related Topics