Getting error with cloudwatch input plugin

Rajat_Ravi · April 11, 2019, 7:29am

[2019-04-11T06:46:56,025][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Expected one of #, { at line 352, column 7 (byte 9716) after input {\n cloudwatch_logs {\n log_group => [ "/aws/rds/instance/trips3m-prod-read/slowquery" ]\n region => us-east-1\n ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:incompile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2486:inmap'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:157:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:22:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/reload.rb:35:inexecute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:309:in `block in converge_state'"]}

Rajat_Ravi · April 11, 2019, 7:43am

Can anyone help me

Christian_Dahlqvist · April 11, 2019, 7:47am

This is a community manned forum, so you need to be patient. It would probably also make it easier to help you if you could provide some additional details and share your configuration as this seems to be what Logstash is complaining about. Just posting an error message does not give anyone a lot to go on.

Rajat_Ravi · April 11, 2019, 8:23am

This is my current conf file and for aws creds using IAM role
input {
cloudwatch_logs {
log_group => [ "/aws/rds/instance/trips3m-prod-read/slowquery" ]
region => us-east-1
}
}

output {
elasticsearch {
hosts => ["http://0.0.0.0:9200"]
index => "%{[@metadata][indexname]}-%{+YYYY.MM.dd}"
}

Christian_Dahlqvist · April 11, 2019, 8:51am

What plugin cloudwatch_logs is this that you are using? It does not seem to be the standard cloudwatch one.

You can also not send data to ip 0.0.0.0 in the Elasticsearch output. This need to be the IP of your Elasticsearch instance(s).

Rajat_Ravi · April 11, 2019, 9:38am

This one is using logstash-input-cloudwatch_logs Because i want cloudwatch log group data

Badger · April 11, 2019, 12:21pm

It has to be quoted

region => "us-east-1"

Rajat_Ravi · April 12, 2019, 7:51am

Thanks

system · May 10, 2019, 7:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.