CloudWatch Event Logs (AWS) Inputs

George Alpizar

Overview

This input type allows you to specify a set of AWS CloudWatch Log Events for Edge Delta to monitor.

With this input, you can monitor multiple regions and log streams.


Review Parameters

Review the following parameters that you can configure in the Edge Delta App:

Visual Editor YAML Description
Cloudwatch Input Labels  labels

Enter a descriptive name for this input. 

When you create a workflow, you will use this label to enter your input into the workflow. 

This parameter is required. 

Review the following example: 

- labels: "us-west-2_ed-log-group_admin-api"

AWS Region  region

You can define a region pattern with a regular expression.

For example, for all regions in the United States, enter:

  • region: "^us.*$" 

Note

By default, not all regions are enabled for an AWS account. As a result, you can monitor AWS CloudWatch Log Events for all regions without defining a region in the config file; the Edge Delta Agent will obtain and monitor logs from all enabled regions in your account. To accomplish this, you must add the "ec2:DescribeRegions" permission to your account.

To learn more, review the AWS document about DescribeRegions.

This parameter is optional. 

Review the following example: 

region: "us-west-2"

Log Group  log_group

Enter the Log Group name that is associated with the CloudWatch Logs agent.

  • Do not enter a regex expression.

This parameter is required. 

Review the following example: 

log_group: /ed-log-group

Log Stream  log_stream

Enter a log stream pattern as a regular expression.

For example, for streams that start with log, enter:

  • log_stream: "^log.*$"

This parameter is optional. 

Review the following example: 

log_stream: "^log.*$"

Lookback Period  lookback

Enter an interval for monitoring past data.

By default, this parameter is set to 1 hour. 

This parameter is optional. 

Review the following example: 

lookback: 1h

Polling Interval  interval

Enter an interval at which to look for new, incoming log events.

By default, this parameter is set to 1 minute. 

This parameter is optional. 

Review the following example: 

interval: 1m

PrependTimestamp  prepend_timestamp

Enter true or false to add an event timestamp as a prefix to the event message with a tab ("\t") delimiter.

This parameter is optional. 

Review the following example: 

prepend_timestamp: true

Result Limit  result_limit

Enter a limit for the maximum number of log events that should be returned.

By default, this parameter will return up to 1 MB of log events, which can be up to 10,000 log events. 

This parameter is optional. 

Review the following example: 

result_limit: 5000

Filters  filters

Select an existing filter to add to this input. 

To learn more, see Filters.

This parameter is optional. 

Review the following example: 

filters: 
- info

Review Sample Configuration

Review the following sample configuration: 

 cloudwatches:
    - labels: "us-west-2_ed-log-group_admin-api"
      region: "^us.*$"
      log_group: /ed-log-group
      log_stream: "^log.*$"
      lookback: 1h
      interval: 1m
      prepend_timestamp: true
      result_limit: 5000
    - labels: "us_ed-log-group_admin"
      region: "^us.*$"
      log_group: "/ed-log-group"
      log_stream: "^admin.*$"
      interval: 5m
    - labels: "ed-log-group"
      region: ".*"
      log_group: "/ed-log-group"
      log_stream: ".*"
      interval: 5m
    - labels: "ed-log-with-regex-group-name"
      region: ".*"
      log_group: "^/ed-log"
      log_stream: ".*"
      interval: 5m
    - labels: "cloudwatch-input-assumes-role"
      region: "us-west-2"
      log_group: "/ed-log-group"
      log_stream: ".*"
      interval: 5m
      role_arn: "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"
      external_id: "053cf606-8e80-47bf-b849-8cd1cc826cfc"
    - labels: "cloudwatch-input-host-filtered"
      host: "myhost"
      region: ".*"
      log_group: "^/ed-log"
      log_stream: ".*"
      interval: 5m
    - labels: "cloudwatch-input-with-aws-creds"
      region: ".*"
      log_group: "^/ed-log"
      log_stream: ".*"
      interval: 5m
      aws_key_id: '{{ Env "AWS_KEY_ID" }}'
      aws_sec_key: '{{ Env "AWS_SECRET_KEY" }}'
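
A pre-deployment lint for `cloudwatches` entries, added here as an example (it is not Edge Delta code). It checks the required parameters, that the region and log stream patterns compile, the duration and limit values, and that credentials are supplied through an `Env` template as in the sample above. Assumptions: `lint_input` is a hypothetical helper, durations are an integer followed by s, m or h, the limit ceiling is 10,000, and Python's `re` stands in for the agent's regex engine.

```python
import re

# Assumed duration grammar, based on the page's values (1h, 1m, 5m).
DURATION = re.compile(r"^\d+[smh]$")
# Credential values are expected to be Env templates, as in the sample config.
ENV_TEMPLATE = re.compile(r'^\{\{\s*Env\s+"[A-Z0-9_]+"\s*\}\}$')

def lint_input(entry):
    """Return a list of findings for one item under `cloudwatches:`."""
    findings = []
    for key in ("labels", "log_group"):  # marked required on the page
        if not entry.get(key):
            findings.append(f"missing required parameter: {key}")
    for key in ("region", "log_stream"):  # optional regex patterns
        pattern = entry.get(key)
        if pattern is None:
            continue
        try:
            re.compile(pattern)
        except re.error as exc:
            findings.append(f"{key}: invalid regex ({exc})")
            continue
        if pattern == ".*":
            findings.append(f"{key}: matches everything; confirm the scope")
    for key in ("lookback", "interval"):
        if key in entry and not DURATION.match(str(entry[key])):
            findings.append(f"{key}: not a duration like 1h or 5m")
    limit = entry.get("result_limit")
    # Assumption: 10,000 events is treated as the ceiling for this value.
    if limit is not None and not (isinstance(limit, int) and 0 < limit <= 10000):
        findings.append("result_limit: expected an integer from 1 to 10000")
    for key in ("aws_key_id", "aws_sec_key"):
        if key in entry and not ENV_TEMPLATE.match(str(entry[key])):
            findings.append(f"{key}: literal credential; use an Env template")
    return findings

# Constructed sample entries; the first mirrors the page's sample configuration.
SAMPLES = [
    {"labels": "us-west-2_ed-log-group_admin-api", "region": "^us.*$",
     "log_group": "/ed-log-group", "log_stream": "^log.*$",
     "lookback": "1h", "interval": "1m", "result_limit": 5000},
    {"labels": "bad-input", "region": "^us(.*$", "log_stream": ".*",
     "interval": "five minutes", "aws_key_id": "EXAMPLE-LITERAL-KEY",
     "aws_sec_key": '{{ Env "AWS_SECRET_KEY" }}'},
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(entry.get("labels"), lint_input(entry) or "ok")
```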

 

 
