Hi There,
I'm on day 2 of my Elastic Cloud trial, I'm confused and am looking for some advice as to how I go about collecting my AWS VPC flowlogs from AWS Cloudwatch.
So far I have installed the AWS integration and configured cloud watch log collection, the agents says its healthy, but its not collecting any data.
Any help appreciated
Matthew
Have u set up ur vpc flow logs to send to cloud watch, Publish flow logs to CloudWatch Logs - Amazon Virtual Private Cloud.
Yes, I have flow logs appearing in cloud watch, its just they are not appearing in the kibana dashboard
I would put the agent in debug log mode and take a look to see if there is anything showing up to explain why.
Running agent in debug mode helped, I had a policy permission issues, sorted that and i now have my logs appearing.
new issue, the logs are not being parsed, I see the error
Provided Grok expressions do not match field value: [..... ACCEPT OK]
how do I fix the Grok expression?
Can u provide a full sample of what's not being parsed?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.