I'm trying to use the CloudWatch Integration to pull logs from AWS CloudWatch to Elastic. However, I have only managed to pull logs from a single log group instead of multiple log groups.
I have tried to limit the access policies in the IAM role to pull from the specific log groups I want, and then remove the filter on a specific log groups hoping that the integration would then pull logs from all the log groups that I allowed in the IAM role.
However, I got an error saying that I need to specify either log group name, log group prefix etc. so it seems the fields cannot be empty.
After this, I tried to add one CloudWatch integration per log group and using the same agent for this, but I was still only able to pull logs from one log group. I couldn't see the logs from the other groups.
My question is then - how do I pull logs from multiple log groups using the CloudWatch integration?