Handling multiple logstream formats with Functionbeat

Karl_Falconer · January 14, 2021, 9:00pm

Hi,

I have a working function beat sending logs from Cloudwatch containing mysql slow query data ES and am able to view the log data in Kibana.

I am trying to understand a few things regarding various log types.

What is the best practice for dealing with multiple log groups having different formats. Ex: mysql (RDS) slow query, error, AWS ELB, S3, etc. Do we have one function with multiple streams, or a function per stream?
Related to above, how do we then handling the different parsing requirements for each log group. Is this a general Beats issue where we'd setup a single pipeline, and then have multiple processesors for each expected log type?
Am I correct in assuming that even though Kibana and Filebeats has support for Mysql, that because we are getting these logs from functionbeat, we can't use the pre-built dashboards?

system · February 11, 2021, 11:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Make functionbeat logs show in "Logs" section of Kibana Beats functionbeat	5	560	February 28, 2019
Functionbeat not sending data to Kibana Beats functionbeat	2	467	August 19, 2021
Functionbeat with logstash Beats functionbeat	1	453	July 19, 2019
[AWS] Functionbeat to logstash config problem Beats functionbeat	5	724	March 27, 2019
Not seeing cloudwatch streamed logs via functionbeat in elasticsearch Kibana	2	355	August 14, 2020