I am trying to ingest msk logs from s3 bucket to Elasticsearch via logstash input s3 plugin.
S3 bucket holds multiple msk cluster logs. Here is my logstash input config
input {
s3 {
"region" => "{{ region }}"
"bucket" => "{{ bucket_name }}"
"interval" => "{{ interval }}"
"additional_settings" => {
"force_path_style" => true
"follow_redirects" => false
}
}
}
The above config doesnt seem to be working. I dont see logs coming in. So in order to test I have specified the input config with prefix. Here is an example.
input {
s3 {
"region" => "{{ region }}"
"bucket" => "{{ bucket_name }}"
"interval" => "{{ interval }}"
"prefix" => "logs/msk-mskconfigtest-v2/AWSLogs/<accountid>/KafkaBrokerLogs/us-east-1/mskconfigtest-v2-e4c16427-7572-43f8-b814-18c2fcad2062-19/"
"additional_settings" => {
"force_path_style" => true
"follow_redirects" => false
}
}
}
The second block seems to be working but in my scenario the cluster name is variable and new clusters get added in the future. Is this a limitation? Even just specifying "logs/" doesnt seem to be working. What are my options here?