Logstash-cloudwatch-input plugin is not sending data to Elasticsearch

Rajat_Toshniwal · April 9, 2016, 11:09am

Hi All,

I am little new in this world and really struggling in setting up a centralized log management server for AWS cloud servers. I am using logstash-cloudwatch-input plugin to do the same.
Below is my Logstash configuration for the same
####################################################
input {
cloudwatch {
namespace => "AWS/EC2"
metrics => [ "CPUUtilization" ]
filters => { "tag:Name" => "CodeDeployDemo" }
region => "us-east-1"
interval => 240
period => 120
}
}

input {
cloudwatch {
namespace => "AWS/EBS"
metrics => ["VolumeQueueLength"]
filters => { "tag:Name" => "codedemo-ebs" }
region => "us-east-1"
}
}

input {
cloudwatch {
namespace => "AWS/RDS"
metrics => ["CPUUtilization", "CPUCreditUsage"]
filters => { "EngineName" => "mysql" } # Only supports EngineName, DatabaseClass and DBInstanceIdentifier
region => "us-west-2"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
}
}
#########################################################
As per the documents published on google, I have created the required permissions for AWS cloud account and attached it with my instance profile.
In the debug logs (bin/logstash -f /etc/logstash/conf.d/4-cloudwatch.conf --debug), I can see , that it is fetching some information from AWS account, but it is not there in the elasticsearch.
Information
DPs: {:datapoints=>[{:timestamp=>2016-04-09 10:48:00 UTC, :sample_count=>1.0, :unit=>"Count", :minimum=>0.05, :maximum=>0.05, :sum=>0.05, :average=>0.05}, {:timestamp=>2016-04-09 10:43:00 UTC, :sample_count=>1.0, :unit=>"Count", :minimum=>0.05, :maximum=>0.05, :sum=>0.05, :average=>0.05}], :label=>"CPUCreditUsage", :response_metadata=>{:request_id=>"fc14aa0c-fe41-11e5-9c12-b9cb38b8a2a0"}} {:level=>:debug, :file=>"logstash/inputs/cloudwatch.rb", :line=>"183", :method=>"fetch_resource_events"}

DPs: {:datapoints=>[{:timestamp=>2016-04-09 10:43:00 UTC, :sample_count=>5.0, :unit=>"Percent", :minimum=>0.67, :maximum=>1.48, :sum=>4.83, :average=>0.966}, {:timestamp=>2016-04-09 10:53:00 UTC, :sample_count=>4.0, :unit=>"Percent", :minimum=>0.66, :maximum=>1.17, :sum=>3.68, :average=>0.92}, {:timestamp=>2016-04-09 10:48:00 UTC, :sample_count=>5.0, :unit=>"Percent", :minimum=>0.82, :maximum=>1.36, :sum=>4.67, :average=>0.9339999999999999}], :label=>"CPUUtilization", :response_metadata=>{:request_id=>"fbd88b24-fe41-11e5-85b1-613fee1f7a40"}} {:level=>:debug, :file=>"logstash/inputs/cloudwatch.rb", :line=>"183", :method=>"fetch_resource_events"}

Logs are not showing anything unusual.

This is installed on
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.2 LTS
Release: 14.04
Codename: trusty

Elasticsearch version is 2.3.1
Kibana is 4.4.1
Logstash : 2.3.1
logstash-input-cloudwatch:1.1.0

Logstash and Elasticsearch logs are not showing any error and I am able to telnet elasticsearch port on localhost.

warkolm · April 10, 2016, 9:55am

What if you add this to the output - stdout { codec => rubdebug} and see what there is?

Ali-Sh · April 13, 2016, 7:37pm

Hi All,

I have a similar issue. I have an EC2 instance setup in a private vpc network with the IAM role shown below:

And my logstash configuration file has:

I start my logstash using:

The command runs and I can see data from cloudwatch in debug mode:

but logstash doesn't push anything to elasticsearch.

Does anyone have any idea what might be the issue? Or know how I can debug this?
Thank you

Ali-Sh · April 14, 2016, 6:24pm

I figured out the issue.

You can use the 1.1.2 version of the plugin or update your cloudwatch.rb and logstash-input-cloudwatch.gemspec:

Paul_Vencill · October 28, 2016, 7:45pm

I'm having the same problem on version 1.1.3 of the input plugin.

Last log entry from logstash is:

{:timestamp=>"2016-10-28T15:39:45.556000-0400", :message=>"A plugin had an unrecoverable error. Will restart this plugin.\n Plugin: <LogStash::Inputs::CloudWatch metrics=>["CPUUtilization"], filters=>{"tag:Monitoring"=>"Yes"}, region=>"us-east-1", namespace=>"AWS/EC2", aws_credentials_file=>"/var/opt/aws.yaml", codec=><LogStash::Codecs::Plain charset=>"UTF-8">, use_ssl=>true, statistics=>["SampleCount", "Average", "Minimum", "Maximum", "Sum"], interval=>900, period=>300, combined=>false>\n Error: No metrics to query", :level=>:error}

My config file looks like this:

input {
cloudwatch {
metrics => ["CPUUtilization"]
filters => { "tag:Monitoring" => "Yes" }
region => "us-east-1"
namespace => "AWS/EC2"
aws_credentials_file => "/var/opt/aws.yaml"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
}
}