AWS module

edit

This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.

This is a module for aws logs. It uses filebeat s3 input to get log files from AWS S3 buckets with SQS notification. This module supports reading s3 server access logs with s3access fileset and ELB access logs with elb fileset. Access logs contain detailed information about the requests made to these services.

Example dashboard

edit

This module comes with a sample dashboard for s3access fileset:

filebeat aws s3access overview

s3access fileset settings

edit

Example config:

- module: aws
  s3access:
    enabled: false

    # AWS SQS queue url
    #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue

    # Filename of AWS credential file
    # If not set "$HOME/.aws/credentials" is used on Linux/Mac
    # "%UserProfile%\.aws\credentials" is used on Windows
    # var.shared_credential_file: /etc/filebeat/aws_credentials

    # Profile name for aws credential
    # If not set the default profile is used
    # var.credential_profile_name: fb-aws

  elb:
    enabled: false

    # AWS SQS queue url
    #var.queue_url: https://sqs.myregion.amazonaws.com/123456/myqueue

    # Filename of AWS credential file
    # If not set "$HOME/.aws/credentials" is used on Linux/Mac
    # "%UserProfile%\.aws\credentials" is used on Windows
    # var.shared_credential_file: /etc/filebeat/aws_credentials

    # Profile name for aws credential
    # If not set the default profile is used
    # var.credential_profile_name: fb-aws
var.queue_url
AWS SQS queue url.
var.shared_credential_file
Filename of AWS credential file.
var.credential_profile_name
AWS credential profile name.

Fields

edit

For a description of each field in the module, see the exported fields section.