CloudWatch Event Logs (AWS) Inputs

George Alpizar
George Alpizar
  • Updated

Overview

This input type allows you to specify a set of AWS CloudWatch Log Events for Edge Delta to monitor.

With this input, you can monitor multiple regions and log streams.


Review Sample Configuration

Review the following sample configuration: 

 cloudwatches:
    - labels: "us-west-2_ed-log-group_admin-api"
      region: "^us.*$"
      log_group: /ed-log-group
      log_stream: "^log.*$"
      lookback: 1h
      interval: 1m
      prepend_timestamp: true
      result_limit: 5000
    - labels: "us_ed-log-group_admin"
      region: "^us.*$"
      log_group: "/ed-log-group"
      log_stream: "^admin.*$"
      interval: 5m
    - labels: "ed-log-group"
      region: ".*"
      log_group: "/ed-log-group"
      log_stream: ".*"
      interval: 5m
    - labels: "ed-log-with-regex-group-name"
      region: ".*"
      log_group: "^/ed-log"
      log_stream: ".*"
      interval: 5m
    - labels: "cloudwatch-input-assumes-role"
      region: "us-west-2"
      log_group: "/ed-log-group"
      log_stream: ".*"
      interval: 5m
      role_arn: "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"
      external_id: "053cf606-8e80-47bf-b849-8cd1cc826cfc"
    - labels: "cloudwatch-input-host-filtered"
      host: "myhost"
      region: ".*"
      log_group: "^/ed-log"
      log_stream: ".*"
      interval: 5m
    - labels: "cloudwatch-input-with-aws-creds"
      region: ".*"
      log_group: "^/ed-log"
      log_stream: ".*"
      interval: 5m
      aws_key_id: '{{ Env "AWS_KEY_ID" }}'
      aws_sec_key: '{{ Env "AWS_SECRET_KEY" }}'

Review Parameters

Review the following parameters that you can configure in the Edge Delta App. 


labels

Required

Enter a descriptive name for this input. 

When you create a workflow, you will use this label to enter your input into the workflow. 

Review the following example: 

- labels: "us-west-2_ed-log-group_admin-api"

region

Optional 

You can define a region pattern via regex expression.

For example, for all regions in United States, enter:

  • region: "^us.*$" 

Note

By default, an AWS account is not enabled with all regions. As a result, you can monitor AWS CloudWatch Log Events for all regions without defining a region in the config file; the Edge Delta Agent will obtain and monitor logs from all enabled regions in your account. To accomplish this, you must add the ec2:DescribeRegions permission to your account.

To learn more, review the AWS document about DescribeRegions.

Review the following example: 

region: "us-west-2"

log_group

Required

Enter the Log Group name via a regex expression that is associated with the CloudWatch Logs agent.

Review the following example: 

log_group: /ed-log-group

log_stream

Optional 

Enter a log stream pattern via a regex expression.

For example, for streams that start with log, enter:

  • log_stream: ^log.*$"" 

Review the following example: 

log_stream: "^log.*$"

lookback

Optional 

Enter an internal rate to monitor past data. 

By default, this parameter is set to 1 hour. 

Review the following example: 

lookback: 1h

interval

Optional

Enter an internal rate to look for new, incoming log events. 

By default, this parameter is set to 1 minute. 

Review the following example: 

interval: 1m

prepend_timestamp

Optional

Enter true or false to add an event timestamp as a prefix to the event message with a tab ("\t") delimiter.

Review the following example: 

prepend_timestamp: true

result_limit

Optional

Enter a limit for the the maximum number of log events that should be returned. 

By default, this parameter will return up to 1 MB of log events, which can be up to 10,000 log events. 

Review the following example: 

result_limit: 5000

filters

Optional 

Enter an existing filter to add to this input. 

To learn more, see Filters.

Review the following example: 

filters: 
- info

 


 

Share this document