cloudwatchedit

  • Version: 2.0.0
  • Released on: 2016-10-22
  • Changelog
Note

This plugin does not ship with Logstash by default, but it is easy to install by running bin/logstash-plugin install logstash-input-cloudwatch.

Pull events from the Amazon Web Services CloudWatch API.

To use this plugin, you must have an AWS account, and the following policy

Typically, you should setup an IAM policy, create a user and apply the IAM policy to the user. A sample policy for EC2 metrics is as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1444715676000",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricStatistics",
                "cloudwatch:ListMetrics"
            ],
            "Resource": "*"
        },
        {
            "Sid": "Stmt1444716576170",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances"
            ],
            "Resource": "*"
        }
    ]
}

See http://aws.amazon.com/iam/ for more details on setting up AWS identities.

# Configuration Example

input {
  cloudwatch {
    namespace => "AWS/EC2"
    metrics => [ "CPUUtilization" ]
    filters => { "tag:Group" => "API-Production" }
    region => "us-east-1"
  }
}
input {
  cloudwatch {
    namespace => "AWS/EBS"
    metrics => ["VolumeQueueLength"]
    filters => { "tag:Monitoring" => "Yes" }
    region => "us-east-1"
  }
}
input {
  cloudwatch {
    namespace => "AWS/RDS"
    metrics => ["CPUUtilization", "CPUCreditUsage"]
    filters => { "EngineName" => "mysql" } # Only supports EngineName, DatabaseClass and DBInstanceIdentifier
    region => "us-east-1"
  }
}

 

Synopsisedit

This plugin supports the following configuration options:

Required configuration options:

cloudwatch {
    filters => ...
}

Available configuration options:

Setting Input typeRequiredDefault value

access_key_id

string

No

add_field

hash

No

{}

aws_credentials_file

string

No

codec

codec

No

"plain"

combined

boolean

No

false

enable_metric

boolean

No

true

filters

array

Yes

id

string

No

interval

number

No

900

metrics

array

No

["CPUUtilization", "DiskReadOps", "DiskWriteOps", "NetworkIn", "NetworkOut"]

namespace

string

No

"AWS/EC2"

period

number

No

300

proxy_uri

string

No

region

string, one of ["us-east-1", "us-west-1", "us-west-2", "eu-central-1", "eu-west-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ap-northeast-2", "sa-east-1", "us-gov-west-1", "cn-north-1", "ap-south-1"]

No

"us-east-1"

secret_access_key

string

No

session_token

string

No

statistics

array

No

["SampleCount", "Average", "Minimum", "Maximum", "Sum"]

tags

array

No

type

string

No

use_ssl

boolean

No

true

Detailsedit

 

access_key_idedit

  • Value type is string
  • There is no default value for this setting.

This plugin uses the AWS SDK and supports several ways to get credentials, which will be tried in this order:

  1. Static configuration, using access_key_id and secret_access_key params in logstash plugin config
  2. External credentials file specified by aws_credentials_file
  3. Environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
  4. Environment variables AMAZON_ACCESS_KEY_ID and AMAZON_SECRET_ACCESS_KEY
  5. IAM Instance Profile (available when running inside EC2)

add_fieldedit

  • Value type is hash
  • Default value is {}

Add a field to an event

aws_credentials_fileedit

  • Value type is string
  • There is no default value for this setting.

Path to YAML file containing a hash of AWS credentials. This file will only be loaded if access_key_id and secret_access_key aren’t set. The contents of the file should look like this:

    :access_key_id: "12345"
    :secret_access_key: "54321"

codecedit

  • Value type is codec
  • Default value is "plain"

The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.

combinededit

  • Value type is boolean
  • Default value is false

Use this for namespaces that need to combine the dimensions like S3 and SNS.

enable_metricedit

  • Value type is boolean
  • Default value is true

Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.

filtersedit

  • This is a required setting.
  • Value type is array
  • There is no default value for this setting.

Specify the filters to apply when fetching resources:

This needs to follow the AWS convention of specifiying filters. Instances: { instance-idi-12344321 } Tags: { "tag:Environment" ⇒ "Production" } Volumes: { attachment.statusattached } Each namespace uniquely support certian dimensions. Please consult the documentation to ensure you’re using valid filters.

  • Value type is string
  • There is no default value for this setting.

Add a unique ID to the plugin instance, this ID is used for tracking information for a specific configuration of the plugin.

``` output { stdout { id ⇒ "ABC" } } ```

If you don’t explicitely set this variable Logstash will generate a unique name.

intervaledit

  • Value type is number
  • Default value is 900

Set how frequently CloudWatch should be queried

The default, 900, means check every 15 minutes. Setting this value too low (generally less than 300) results in no metrics being returned from CloudWatch.

metricsedit

  • Value type is array
  • Default value is ["CPUUtilization", "DiskReadOps", "DiskWriteOps", "NetworkIn", "NetworkOut"]

Specify the metrics to fetch for the namespace. The defaults are AWS/EC2 specific. See http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html for the available metrics for other namespaces.

namespaceedit

  • Value type is string
  • Default value is "AWS/EC2"

If undefined, LogStash will complain, even if codec is unused. The service namespace of the metrics to fetch.

The default is for the EC2 service. See http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html for valid values.

periodedit

  • Value type is number
  • Default value is 300

Set the granularity of the returned datapoints.

Must be at least 60 seconds and in multiples of 60.

proxy_uriedit

  • Value type is string
  • There is no default value for this setting.

URI to proxy server if required

regionedit

  • Value can be any of: us-east-1, us-west-1, us-west-2, eu-central-1, eu-west-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, ap-northeast-2, sa-east-1, us-gov-west-1, cn-north-1, ap-south-1
  • Default value is "us-east-1"

The AWS Region

secret_access_keyedit

  • Value type is string
  • There is no default value for this setting.

The AWS Secret Access Key

session_tokenedit

  • Value type is string
  • There is no default value for this setting.

The AWS Session token for temporary credential

statisticsedit

  • Value type is array
  • Default value is ["SampleCount", "Average", "Minimum", "Maximum", "Sum"]

Specify the statistics to fetch for each namespace

tagsedit

  • Value type is array
  • There is no default value for this setting.

Add any number of arbitrary tags to your event.

This can help with processing later.

typeedit

  • Value type is string
  • There is no default value for this setting.

Add a type field to all events handled by this input.

Types are used mainly for filter activation.

The type is stored as part of the event itself, so you can also use the type to search for it in Kibana.

If you try to set a type on an event that already has one (for example when you send an event from a shipper to an indexer) then a new input will not override the existing type. A type set at the shipper stays with that event for its life even when sent to another Logstash server.

use_ssledit

  • Value type is boolean
  • Default value is true

Should we require (true) or disable (false) using SSL for communicating with the AWS API The AWS SDK for Ruby defaults to SSL so we preserve that