cloudwatch
editcloudwatch
editThis is a community-maintained plugin! It does not ship with Logstash by default, but it is easy to install by running bin/logstash-plugin install logstash-input-cloudwatch.
Pull events from the Amazon Web Services CloudWatch API.
To use this plugin, you must have an AWS account, and the following policy
Typically, you should setup an IAM policy, create a user and apply the IAM policy to the user. A sample policy for EC2 metrics is as follows:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1444715676000",
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Resource": "*"
},
{
"Sid": "Stmt1444716576170",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances"
],
"Resource": "*"
}
]
}
See http://aws.amazon.com/iam/ for more details on setting up AWS identities.
Configuration Example
input {
cloudwatch {
namespace => "AWS/EC2"
metrics => [ "CPUUtilization" ]
filters => { "tag:Group" => "API-Production" }
region => "us-east-1"
}
}
input {
cloudwatch {
namespace => "AWS/EBS"
metrics => ["VolumeQueueLength"]
filters => { "tag:Monitoring" => "Yes" }
region => "us-east-1"
}
}
input {
cloudwatch {
namespace => "AWS/RDS"
metrics => ["CPUUtilization", "CPUCreditUsage"]
filters => { "EngineName" => "mysql" } # Only supports EngineName, DatabaseClass and DBInstanceIdentifier
region => "us-east-1"
}
}
Synopsis
editThis plugin supports the following configuration options:
Required configuration options:
cloudwatch {
filters => ...
}
Available configuration options:
| Setting | Input type | Required | Default value |
|---|---|---|---|
No |
|||
No |
|
||
No |
|||
No |
|
||
No |
|
||
Yes |
|||
No |
|
||
No |
|
||
No |
|
||
No |
|
||
No |
|||
string, one of |
No |
|
|
No |
|||
No |
|||
No |
|
||
No |
|||
No |
|||
No |
|
Details
edit
access_key_id
edit- Value type is string
- There is no default value for this setting.
This plugin uses the AWS SDK and supports several ways to get credentials, which will be tried in this order:
-
Static configuration, using
access_key_idandsecret_access_keyparams in logstash plugin config -
External credentials file specified by
aws_credentials_file -
Environment variables
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY -
Environment variables
AMAZON_ACCESS_KEY_IDandAMAZON_SECRET_ACCESS_KEY - IAM Instance Profile (available when running inside EC2)
aws_credentials_file
edit- Value type is string
- There is no default value for this setting.
Path to YAML file containing a hash of AWS credentials.
This file will only be loaded if access_key_id and
secret_access_key aren’t set. The contents of the
file should look like this:
:access_key_id: "12345"
:secret_access_key: "54321"
codec
edit- Value type is codec
-
Default value is
"plain"
The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.
combined
edit- Value type is boolean
-
Default value is
false
Use this for namespaces that need to combine the dimensions like S3 and SNS.
filters
edit- This is a required setting.
- Value type is array
- There is no default value for this setting.
Specify the filters to apply when fetching resources:
This needs to follow the AWS convention of specifiying filters. Instances: { instance-id ⇒ i-12344321 } Tags: { "tag:Environment" ⇒ "Production" } Volumes: { attachment.status ⇒ attached } Each namespace uniquely support certian dimensions. Please consult the documentation to ensure you’re using valid filters.
interval
edit- Value type is number
-
Default value is
900
Set how frequently CloudWatch should be queried
The default, 900, means check every 15 minutes. Setting this value too low
(generally less than 300) results in no metrics being returned from CloudWatch.
metrics
edit- Value type is array
-
Default value is
["CPUUtilization", "DiskReadOps", "DiskWriteOps", "NetworkIn", "NetworkOut"]
Specify the metrics to fetch for the namespace. The defaults are AWS/EC2 specific. See http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html for the available metrics for other namespaces.
namespace
edit- Value type is string
-
Default value is
"AWS/EC2"
If undefined, LogStash will complain, even if codec is unused. The service namespace of the metrics to fetch.
The default is for the EC2 service. See http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html for valid values.
period
edit- Value type is number
-
Default value is
300
Set the granularity of the returned datapoints.
Must be at least 60 seconds and in multiples of 60.
proxy_uri
edit- Value type is string
- There is no default value for this setting.
URI to proxy server if required
region
edit-
Value can be any of:
us-east-1,us-west-1,us-west-2,eu-central-1,eu-west-1,ap-southeast-1,ap-southeast-2,ap-northeast-1,ap-northeast-2,sa-east-1,us-gov-west-1,cn-north-1,ap-south-1 -
Default value is
"us-east-1"
The AWS Region
secret_access_key
edit- Value type is string
- There is no default value for this setting.
The AWS Secret Access Key
session_token
edit- Value type is string
- There is no default value for this setting.
The AWS Session token for temporary credential
statistics
edit- Value type is array
-
Default value is
["SampleCount", "Average", "Minimum", "Maximum", "Sum"]
Specify the statistics to fetch for each namespace
tags
edit- Value type is array
- There is no default value for this setting.
Add any number of arbitrary tags to your event.
This can help with processing later.
type
edit- Value type is string
- There is no default value for this setting.
Add a type field to all events handled by this input.
Types are used mainly for filter activation.
The type is stored as part of the event itself, so you can also use the type to search for it in Kibana.
If you try to set a type on an event that already has one (for example when you send an event from a shipper to an indexer) then a new input will not override the existing type. A type set at the shipper stays with that event for its life even when sent to another Logstash server.