I'm trying to migrate some Cloudwatch logs currently being captured by Functionbeat to a fleet-managed Elastic Agent integration (AWS EC2 Cloudwatch). The logs are being captured, as expected. However, I am getting a grok error from the
logs-aws.ec2_log pipeline. These are custom log formats, and I currently parse them with a custom pipeline. However, there doesn't seem to be an option to do this with this integration. The error forces the
logs-aws.ec2_log pipeline to exit before
logs-aws.ec2_log@custom can be called, and while the integration will let me specify additional processors, it won't allow me to override the pipeline setting, like I'm able to with the Custom Log integration.