From CloudTrail S3 SQS to Elastic via Logstash

Dimitri_Goldshtein · April 27, 2021, 1:58pm

Hi all !
I try get logs from my aws s3 via logstash !
I generate get logs from CloudTrail to s3 with format ****.json.gz
in logstash i use this input file

input {
  sqs {
    queue => "test_logs_ks"
    access_key_id => "******************"
    secret_access_key => "*********************"
    polling_frequency => 5
    type => "cloudtrail"
    codec => "cloudtrail"
    region => "eu-west-1"
    threads => 4
  }
}

but in kibana side i see incomplete index
and see path to log

AWSLogs/*********/CloudTrail/us-east-1/2021/04/27/076944484853_CloudTrail_us-east-1_20210427T1340Z_********.json.gz

and i want open this file

system · May 25, 2021, 1:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cloudtrail log to Logstash Logstash	2	345	October 8, 2019
Logstash-input-s3 assistance Logstash	1	594	July 6, 2017
How to get subfield of cloudtrail logs Logstash	2	789	June 24, 2019
Logstash s3-sqs input plugin to differentiate 2 types of log Logstash	1	270	October 7, 2020
Does logstash-input-s3-sns-sqs support backup_to_bucket? Logstash	1	280	December 12, 2020

From CloudTrail S3 SQS to Elastic via Logstash

Related topics