Currently I am using the ELK stack to ingest only warning and error logs into an Elasticsearch server. I am also using Elastic Beanstalk to rotate logs to an S3 bucket.
Now, as I ingest only warning and error logs, sometimes I need the INFO logs as well. For this scenario, what I have done is ingest from S3 using the s3 input plugin, but whatever logs appear in the Kibana dashboard are different from the files I have downloaded manually. Also, can I use a regex while using prefix?
input {
  s3 {
    bucket            => "your-s3-bucket-name"
    access_key_id     => "your-aws-access-key-id"
    secret_access_key => "your-aws-secret-access-key"
    region            => "your-aws-region"
    # S3 key prefix to poll; the plugin hands this to S3 as a literal string
    prefix            => "resources/environments/logs/publish/e-j2efvpwbsx/*/catalina.2023-03-17-1.*.gz"
    # each line of the (gunzipped) object is parsed as a JSON document
    codec             => "json"
  }
}
output {
  elasticsearch {
    hosts => ["your-elasticsearch-host:9200"]
    index => "your-elasticsearch-index-name"
  }
}
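The following is an added example, not part of the question above and not the Logstash plugin's own code. It models two facts about the s3 input: S3's ListObjects Prefix is a plain string prefix (the plugin passes `prefix` through unchanged, so `*` is not a glob and a prefix containing it matches no key), and the plugin's `exclude_pattern` option, a regexp tested against each key, is the knob that narrows the selection. The key listing, instance ids and timestamps below are constructed, the `e-j2efvpwbsx` environment id is taken from the question, and Python's `re.search` stands in for the Ruby regexp the plugin actually uses; nothing here calls AWS.

```python
"""Why a wildcard in the Logstash s3 input's `prefix` selects nothing, and how
`exclude_pattern` expresses the same intent. Runs entirely offline against a
constructed key listing (not real bucket contents)."""
import fnmatch
import re

ENV_PREFIX = "resources/environments/logs/publish/e-j2efvpwbsx/"

# Constructed sample listing: instance ids and rotation timestamps are made up.
SAMPLE_KEYS = [
    ENV_PREFIX + "i-0aaa111/catalina.2023-03-17-1.1679040000.gz",
    ENV_PREFIX + "i-0bbb222/catalina.2023-03-17-1.1679040600.gz",
    ENV_PREFIX + "i-0aaa111/catalina.2023-03-17-2.1679043600.gz",
    ENV_PREFIX + "i-0aaa111/localhost_access_log.2023-03-17-1.1679040000.gz",
    "resources/environments/logs/publish/e-zzz999/i-0ccc333/catalina.2023-03-17-1.1679040000.gz",
]

# The prefix exactly as posted in the question, wildcards included.
POSTED_PREFIX = ENV_PREFIX + "*/catalina.2023-03-17-1.*.gz"


def s3_list_keys(keys, prefix):
    """Model S3 ListObjectsV2 with `Prefix`: a literal startswith test, no globbing."""
    return [k for k in keys if k.startswith(prefix)]


def logstash_s3_selection(keys, prefix, exclude_pattern=None):
    """Model which objects the s3 input would process: everything under the
    literal `prefix`, minus keys matching `exclude_pattern` (re.search here
    stands in for the plugin's Ruby regexp; this is an assumption of the model)."""
    selected = s3_list_keys(keys, prefix)
    if exclude_pattern is not None:
        rx = re.compile(exclude_pattern)
        selected = [k for k in selected if not rx.search(k)]
    return selected


def glob_select(keys, pattern):
    """What the posted prefix was meant to express: a shell-style glob over keys."""
    return [k for k in keys if fnmatch.fnmatch(k, pattern)]


# Keep only the catalina log for rotation 2023-03-17-1 in any instance directory.
# exclude_pattern names what to DROP, so a negative lookahead turns
# "keep keys like X" into "exclude keys not like X".
KEEP_ONLY_CATALINA = r"^(?!.*/catalina\.2023-03-17-1\.[^/]*\.gz$)"


def compare():
    """Return (glob intent, prefix-with-wildcard result, prefix+exclude result)."""
    wanted = glob_select(SAMPLE_KEYS, POSTED_PREFIX)
    with_wildcard = logstash_s3_selection(SAMPLE_KEYS, POSTED_PREFIX)
    with_exclude = logstash_s3_selection(SAMPLE_KEYS, ENV_PREFIX, KEEP_ONLY_CATALINA)
    return wanted, with_wildcard, with_exclude


if __name__ == "__main__":
    wanted, with_wildcard, with_exclude = compare()
    print("keys the glob intends  :", len(wanted))
    print("prefix containing '*'  :", len(with_wildcard))  # 0: literal prefix matches nothing
    print("literal prefix+exclude :", len(with_exclude))   # same two keys as the glob
```

The practical reading: point `prefix` at the longest literal directory you want (here the environment directory) and put the per-file pattern in `exclude_pattern`, then check the selected key set against a manual `aws s3 ls` of the same prefix before comparing against Kibana. One further caveat when comparing: Tomcat's default catalina log is plain text, not JSON, so `codec => "json"` on those gzipped files will not yield the same fields as the lines in the downloaded copies.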