I am trying to read in cloudtrail logs from an S3 bucket and need assistance with the configuration and am hamstrung by limited example documentation.
The bucket data is in:
All buckets/auditLogs//Cloudtrail////
s3 {
type => "mgmt-audit"
bucket => "Cloudtrail"
# prefix => auditLogs//"
aws_credentials_file => "/etc/logstash/creds.conf"
codec => cloudtrail {}
}
Thanks
Ash