Hi,
I'm trying to configure the cloudwatch input plugin to pull in custom cloudwatch logs. Below is my config.
cloudwatch {
namespace => "AWS/LOGS"
metrics => ["IncomingBytes","IncomingLogEvents"]
filters => { "tag:Group" => "ops-incident-service-cloudwatch-alarmsvpc06752f63" }
region => "us-east-1"
}
I'm not very confident on the "metrics"variable.
In the AWS console, I can view my logs at
CloudWatch > Log Groups > ops-incident-service-cloudwatch-alarmsvpc06752f63
In the view I see headers [ "Log Streams", "Last Event Time"]
below the header I have records like this.
ip-10-212-100-108, 2017-03-28 14:31 UTC-5
And each of those is bunch of events.
So is it even possible to configure this plugin to suck in these logs?
Thanks,
Tim