How filter Cloudwatch Logs Aws?

angelicamaria · March 30, 2019, 1:57pm

Hello guys,

How do I make the filter take into account the records that are between START and END?

I want to send to Elastic something as this:
{
"_index": "pruebalog:07132017",
"_type": "cloudwatch_logs",
"_id": "23334844787867677",
"_score": null,
"_source": {
"hostName": "AWS LOGS",
"appName": "LAMBDA",
"priority": "ERROR",
"@timestamp": "2019-03-25T15:50:55.000Z",
"message": {
"data": "{
Console Log #0
Console Log #1
Console Log #2
...
...
...
}
}
},
"fields": {
"@timestamp": [
12333333333333
]
}
}

Badger · March 30, 2019, 2:08pm

What do you want the result to be?

angelicamaria · March 30, 2019, 2:56pm

Friend, update the question, thanks for the help.

Badger · March 30, 2019, 3:46pm

That looks like a very good match for Example 1 given in the documentation of the aggregate filter. You have a start event, and end event, and every line has a guid that can be used to correlate them.

system · April 27, 2019, 3:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to filter based on log_stream Logstash	15	2166	September 7, 2017
Cloudwatch logs input configuration help needed Logstash	1	966	April 25, 2017
Aggregate filter - calculate difference between timestamps Logstash	2	1186	January 17, 2018
Logstash Cloudwatch logs collect based on timestamp Logstash	1	259	February 21, 2020
Log Data in ES from CloudWatch log Kibana	2	440	January 12, 2019

How filter Cloudwatch Logs Aws?

Related topics