I would like to output all my logs to Elasticsearch and, when certain conditions are met, send them as metrics to CloudWatch, which should take care of alerting me.
The way I understand it, I have to add a CW_metrics field to my event that contains the metric name for CloudWatch. However, I don't want this metric to appear in Elasticsearch, only for the CloudWatch output. What would be a good way to achieve this?
Example: a PHP error log contains a line with an Exception that I can match using Logstash filters. In this case I want to send CloudWatch a Count of 1 for the metric "php_exception_count".
But I just can't wrap my head around how to do this... Any examples or ideas?