Is there any way to access all cloudwatch log groups without providing the exact name?

EZprogramming · June 18, 2019, 9:37pm

Hi everyone,

question about Logstash input plugin for Cloudwatch logs. I want to get all the logs in the log groups that start with /aws/lambda/, is that possible?

I tried the below configuration with log_group => ["/aws/lambda/*"], but it didn't work. However, using a specific log_group name works, but that is not what I intend to do.

Configuration:

input{
 cloudwatch_logs {
   access_key_id => "***"
   secret_access_key => "***"
   log_group => ["/aws/lambda/*"]
   region => "us-west-2"
 }
}

filter { ... }

output { ... }

Badger · June 18, 2019, 10:32pm

log_group_prefix => true

perhaps? I have not tested it, but from the code it appears to be what you want.

EZprogramming · June 18, 2019, 10:52pm

Thanks for your suggestion, do I have to still specify the name of the log groups? or can I just use ["/aws/lambda/*"] with the * at the end of /aws/lambda/?

Badger · June 18, 2019, 11:11pm

You can walk through the code and API, or you can experiment. My best guess is

log_group => "/aws/lambda/"

EZprogramming · June 19, 2019, 12:21am

@Badger, yes the log group prefix worked. Thank you!

Solution:

input{
  cloudwatch_logs {
    access_key_id => "***"
    secret_access_key => "***"
    log_group_prefix => true
    log_group => ["/aws/lambda/"]
    region => "us-west-2"
  }
}

system · July 17, 2019, 12:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.