cloudwatchedit
- Version: 2.0.0
- Released on: 2016-10-22
- Changelog
- Compatible: 5.1.1.1, 5.0.0, 2.4.1, 2.4.0, 2.3.4
This plugin does not ship with Logstash by default, but it is easy to install by running bin/logstash-plugin install logstash-input-cloudwatch.
Pull events from the Amazon Web Services CloudWatch API.
To use this plugin, you must have an AWS account, and the following policy
Typically, you should setup an IAM policy, create a user and apply the IAM policy to the user. A sample policy for EC2 metrics is as follows:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1444715676000",
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Resource": "*"
},
{
"Sid": "Stmt1444716576170",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances"
],
"Resource": "*"
}
]
}
See http://aws.amazon.com/iam/ for more details on setting up AWS identities.
Configuration Example
input {
cloudwatch {
namespace => "AWS/EC2"
metrics => [ "CPUUtilization" ]
filters => { "tag:Group" => "API-Production" }
region => "us-east-1"
}
}
input {
cloudwatch {
namespace => "AWS/EBS"
metrics => ["VolumeQueueLength"]
filters => { "tag:Monitoring" => "Yes" }
region => "us-east-1"
}
}
input {
cloudwatch {
namespace => "AWS/RDS"
metrics => ["CPUUtilization", "CPUCreditUsage"]
filters => { "EngineName" => "mysql" } # Only supports EngineName, DatabaseClass and DBInstanceIdentifier
region => "us-east-1"
}
}
Synopsisedit
This plugin supports the following configuration options:
Required configuration options:
cloudwatch {
filters => ...
}
Available configuration options:
| Setting | Input type | Required | Default value |
|---|---|---|---|
No |
|||
No |
|
||
No |
|||
No |
|
||
No |
|
||
No |
|
||
Yes |
|||
No |
|||
No |
|
||
No |
|
||
No |
|
||
No |
|
||
No |
|||
string, one of |
No |
|
|
No |
|||
No |
|||
No |
|
||
No |
|||
No |
|||
No |
|
Detailsedit
access_key_idedit
- Value type is string
- There is no default value for this setting.
This plugin uses the AWS SDK and supports several ways to get credentials, which will be tried in this order:
-
Static configuration, using
access_key_idandsecret_access_keyparams in logstash plugin config -
External credentials file specified by
aws_credentials_file -
Environment variables
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY -
Environment variables
AMAZON_ACCESS_KEY_IDandAMAZON_SECRET_ACCESS_KEY - IAM Instance Profile (available when running inside EC2)
aws_credentials_fileedit
- Value type is string
- There is no default value for this setting.
Path to YAML file containing a hash of AWS credentials.
This file will only be loaded if access_key_id and
secret_access_key aren’t set. The contents of the
file should look like this:
:access_key_id: "12345"
:secret_access_key: "54321"
codecedit
- Value type is codec
-
Default value is
"plain"
The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.
combinededit
- Value type is boolean
-
Default value is
false
Use this for namespaces that need to combine the dimensions like S3 and SNS.
enable_metricedit
- Value type is boolean
-
Default value is
true
Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.
filtersedit
- This is a required setting.
- Value type is array
- There is no default value for this setting.
Specify the filters to apply when fetching resources:
This needs to follow the AWS convention of specifiying filters. Instances: { instance-id ⇒ i-12344321 } Tags: { "tag:Environment" ⇒ "Production" } Volumes: { attachment.status ⇒ attached } Each namespace uniquely support certian dimensions. Please consult the documentation to ensure you’re using valid filters.
idedit
- Value type is string
- There is no default value for this setting.
Add a unique ID to the plugin instance, this ID is used for tracking
information for a specific configuration of the plugin.
output {
stdout {
id => "ABC"
}
}
If you don’t explicitely set this variable Logstash will generate a unique name.
intervaledit
- Value type is number
-
Default value is
900
Set how frequently CloudWatch should be queried
The default, 900, means check every 15 minutes. Setting this value too low
(generally less than 300) results in no metrics being returned from CloudWatch.
metricsedit
- Value type is array
-
Default value is
["CPUUtilization", "DiskReadOps", "DiskWriteOps", "NetworkIn", "NetworkOut"]
Specify the metrics to fetch for the namespace. The defaults are AWS/EC2 specific. See http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html for the available metrics for other namespaces.
namespaceedit
- Value type is string
-
Default value is
"AWS/EC2"
If undefined, LogStash will complain, even if codec is unused. The service namespace of the metrics to fetch.
The default is for the EC2 service. See http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html for valid values.
periodedit
- Value type is number
-
Default value is
300
Set the granularity of the returned datapoints.
Must be at least 60 seconds and in multiples of 60.
proxy_uriedit
- Value type is string
- There is no default value for this setting.
URI to proxy server if required
regionedit
-
Value can be any of:
us-east-1,us-west-1,us-west-2,eu-central-1,eu-west-1,ap-southeast-1,ap-southeast-2,ap-northeast-1,ap-northeast-2,sa-east-1,us-gov-west-1,cn-north-1,ap-south-1 -
Default value is
"us-east-1"
The AWS Region
secret_access_keyedit
- Value type is string
- There is no default value for this setting.
The AWS Secret Access Key
session_tokenedit
- Value type is string
- There is no default value for this setting.
The AWS Session token for temporary credential
statisticsedit
- Value type is array
-
Default value is
["SampleCount", "Average", "Minimum", "Maximum", "Sum"]
Specify the statistics to fetch for each namespace
tagsedit
- Value type is array
- There is no default value for this setting.
Add any number of arbitrary tags to your event.
This can help with processing later.
typeedit
- Value type is string
- There is no default value for this setting.
Add a type field to all events handled by this input.
Types are used mainly for filter activation.
The type is stored as part of the event itself, so you can also use the type to search for it in Kibana.
If you try to set a type on an event that already has one (for example when you send an event from a shipper to an indexer) then a new input will not override the existing type. A type set at the shipper stays with that event for its life even when sent to another Logstash server.