Functionbeat with logstash

can functionbeat installed on aws cloudwatch/lambda send logs from a specific log group to logstash?

Within the functionbeat.yml file I see a logstash output section. Currently I am sending logs directly to my elastic cloud with my id/password. How can I send logs to logstash for data enrichment and then to kibana for visualization?

This is my functionbeat.yml file "functionbeat-lambdas"
  - name: cloudwatch
    enabled: true
    type: cloudwatch_logs

# Description of the method to help identify them when you run multiples functions.
description: "lambda function for cloudwatch log ingestion"

# List of cloudwatch log group registered to that function.
  - log_group_name: /log-grp-1
  - log_group_name: /log-grp-2

#==================== Elasticsearch template setting ==========================

  index.number_of_shards: 1

#============================= Elastic Cloud================================== "testing:dXMtd2VzdC0xLmF3cy5mb3VuZC5pbyQxNGNkODY0ZTlkOGU0NmY1OGZlZWRiOGU5MWRhMjJiNSQ0MWU4Zjk4ODVlMDE0OThhYWEwMzkwOTkyNjI4NmZjOQ=="
cloud.auth: "elastic:{ES_PWD}"

#-------------------------- Elasticsearch output ------------------------------
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
  # The Logstash hosts
  #hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

#================================ Processors =====================================

# Configure processors to enhance or manipulate events generated by the beat.
  - add_host_metadata: ~
  - add_cloud_metadata: ~

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.