I am trying to segregate CloudWatch logs using Functionbeat. I deployed two Lambda functions with different log group names, function names and deploy buckets. The goal is to get logs from two different environments and view them in Kibana separately. I am not quite sure what the right way to do this is. Would it be setting up two different index names? Here's my functionbeat.yml:
functionbeat.provider.aws.endpoint: "s3.amazonaws.com"
functionbeat.provider.aws.deploy_bucket: "fb-dev"
functionbeat.provider.aws.functions:
  - name: fb-cw-logs-dev
    enabled: true
    type: cloudwatch_logs
    description: "lambda function for cloudwatch logs in dev"
    triggers:
      - log_group_name: dev-api-logs
cloud.id: "*****"
cloud.auth: "*****:*****"
output.elasticsearch:
  index: "dev-api-logs-%{[agent.version]}-%{+yyyy.MM.dd}"
setup.template.enabled: true
setup.template.name: "dev-api-logs-%{[agent.version]}-*"
setup.template.pattern: "dev-api-logs-%{[agent.version]}-*"
setup.template.overwrite: true
setup.template.settings:
  enabled: true
setup.ilm.enabled: false
setup.ilm.rollover_alias: "dev-api-logs"
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~