Custom Pipeline with Elastic Agent AWS EC2 Cloudwatch Log integration

DougR · September 23, 2022, 3:39pm

I'm trying to migrate some Cloudwatch logs currently being captured by Functionbeat to a fleet-managed Elastic Agent integration (AWS EC2 Cloudwatch). The logs are being captured, as expected. However, I am getting a grok error from the logs-aws.ec2_log pipeline. These are custom log formats, and I currently parse them with a custom pipeline. However, there doesn't seem to be an option to do this with this integration. The error forces the logs-aws.ec2_log pipeline to exit before logs-aws.ec2_log@custom can be called, and while the integration will let me specify additional processors, it won't allow me to override the pipeline setting, like I'm able to with the Custom Log integration.

Help?

DougR · September 23, 2022, 4:08pm

I think I may have determined the issue. I'm pretty sure I selected the wrong integration - selected Cloudwatch, should've been Cloudtrail.

I'll update and keep you posted.

DougR · September 28, 2022, 4:00pm

The beta AWS Custom Logs integration resolved the issue.

system · October 26, 2022, 4:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Monitor specific AWS Cloudwatch log_stream Elastic Agent fleet , integrations	1	595	October 26, 2022
Elastic Cloud AWS Cloudwatch log integration Elastic Observability	6	468	November 4, 2022
Using custom ingest pipeline for AWS integration Kibana	0	18	July 18, 2024
Elastic-Agent - Collect Custom [Linux] text file logs Elastic Agent filebeat , integrations	3	764	August 30, 2023
Elastic Agent : AWS CloudWatch Fleet Integration Fail with RequestCanceledError Beats fleet	3	894	August 19, 2022

Custom Pipeline with Elastic Agent AWS EC2 Cloudwatch Log integration

Related topics