Functionbeat with logstash

rhader · June 28, 2019, 8:56pm

can functionbeat installed on aws cloudwatch/lambda send logs from a specific log group to logstash?

Within the functionbeat.yml file I see a logstash output section. Currently I am sending logs directly to my elastic cloud with my id/password. How can I send logs to logstash for data enrichment and then to kibana for visualization?

This is my functionbeat.yml file

functionbeat.provider.aws.deploy_bucket: "functionbeat-lambdas"

functionbeat.provider.aws.functions:
  - name: cloudwatch
    enabled: true
    type: cloudwatch_logs

# Description of the method to help identify them when you run multiples functions.
description: "lambda function for cloudwatch log ingestion"

# List of cloudwatch log group registered to that function.
triggers:
  - log_group_name: /log-grp-1
  - log_group_name: /log-grp-2




#==================== Elasticsearch template setting ==========================

setup.template.settings:
  index.number_of_shards: 1


#============================= Elastic Cloud==================================

cloud.id: "testing:dXMtd2VzdC0xLmF3cy5mb3VuZC5pbyQxNGNkODY0ZTlkOGU0NmY1OGZlZWRiOGU5MWRhMjJiNSQ0MWU4Zjk4ODVlMDE0OThhYWEwMzkwOTkyNjI4NmZjOQ=="
cloud.auth: "elastic:{ES_PWD}"



#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------
#output.logstash:
  # The Logstash hosts
  #hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

#================================ Processors =====================================

# Configure processors to enhance or manipulate events generated by the beat.
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

system · July 19, 2019, 10:56am

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.