Logstash: s3 input plugin

harkamals · April 1, 2018, 11:24am

Hello, I am to work on a use case of ingesting aws cloud trail logs from a s3 bucket into logstash.

A number of logstash servers are spun by the auto scaling group
Do I need to apply s3 input config to every one of them as bootstrap config ?
If so, will several logstash servers work to digest files from s3 ? could this result into duplicate entries in elasticsearch ?
Or is there a better way to push config to servers, auto magically ?

thank you, and I look forward to advise.

Best regards

magnusbaeck · April 5, 2018, 7:43pm

Logstash's s3 input has no support for multiple instances pulling logs from the same bucket.

Topic		Replies	Views
A question around logstash S3 input plugin Logstash	3	626	November 8, 2023
Having multiple logstash instances (more than one server) for reading from same s3 bucket using s3 input plugin Logstash	1	710	September 4, 2019
How to run multiple logstash instances for s3 input Logstash	7	5194	July 6, 2017
How to use Beat with Amazon S3 logs as input? Logstash	1	380	March 18, 2019
Mulitple logstash to read data from single s3 bucket location Logstash	2	1606	October 24, 2018