Hi Community,
I observed that there is some data is getting lost while ingesting cloudwatch logs to logstash via filebeat. Any idea how to debug/fix the issue?
Can you provide more context on how are you getting that logs and how identified that you are losing data?
Are you using the filebeat cloudwatch input to get the logs and send to Logstash?
What do you have in logs for both filebeat and Logstash?
How many loggroups do you have in Cloudwatch and what is the volume of logs you have? The cloudwatch filebeat input does not perform well on large cloudwatch log groups.