For other versions, see theVersioned plugin docs.
For plugins not bundled by default, it is easy to install by running bin/logstash-plugin install logstash-input-cloudwatch
. See Working with plugins for more details.
For questions about the plugin, open a topic in the Discuss forums. For bugs or feature requests, open an issue in Github.For the list of Elastic supported plugins, please consult the Elastic Support Matrix.
Pull events from the Amazon Web Services CloudWatch API.
To use this plugin, you must have an AWS account, and the following policy
Typically, you should setup an IAM policy, create a user and apply the IAM policy to the user.A sample policy for EC2 metrics is as follows:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1444715676000", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Resource": "*" }, { "Sid": "Stmt1444716576170", "Effect": "Allow", "Action": [ "ec2:DescribeInstances" ], "Resource": "*" } ]}
See http://aws.amazon.com/iam/ for more details on setting up AWS identities.
input { cloudwatch { namespace => "AWS/EC2" metrics => [ "CPUUtilization" ] filters => { "tag:Group" => "API-Production" } region => "us-east-1" }}
input { cloudwatch { namespace => "AWS/EBS" metrics => ["VolumeQueueLength"] filters => { "tag:Monitoring" => "Yes" } region => "us-east-1" }}
input { cloudwatch { namespace => "AWS/RDS" metrics => ["CPUUtilization", "CPUCreditUsage"] filters => { "EngineName" => "mysql" } # Only supports EngineName, DatabaseClass and DBInstanceIdentifier region => "us-east-1" }}
This plugin supports the following configuration options plus the Common Options described later.
Setting | Input type | Required |
---|---|---|
No |
||
No |
||
No |
||
No |
||
See note |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
||
No |
Also see Common Options for a list of options supported by allinput plugins.
This plugin uses the AWS SDK and supports several ways to get credentials, which will be tried in this order:
access_key_id
and secret_access_key
params in logstash plugin configaws_credentials_file
AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
AMAZON_ACCESS_KEY_ID
and AMAZON_SECRET_ACCESS_KEY
Path to YAML file containing a hash of AWS credentials.This file will only be loaded if access_key_id
andsecret_access_key
aren’t set. The contents of thefile should look like this:
:access_key_id: "12345" :secret_access_key: "54321"
false
Use this for namespaces that need to combine the dimensions like S3 and SNS.
The endpoint to connect to. By default it is constructed using the value of region
.This is useful when connecting to S3 compatible services, but beware that these aren’tguaranteed to work correctly with the AWS SDK.
This setting is optional when the namespace is AWS/EC2
. Otherwise this is a required field.
Specify the filters to apply when fetching resources. Follow the AWS convention:
Each namespace uniquely support certain dimensions. Please consult the documentationto ensure you’re using valid filters.
900
Set how frequently CloudWatch should be queried
The default, 900
, means check every 15 minutes. Setting this value too low(generally less than 300) results in no metrics being returned from CloudWatch.
["CPUUtilization", "DiskReadOps", "DiskWriteOps", "NetworkIn", "NetworkOut"]
Specify the metrics to fetch for the namespace. The defaults are AWS/EC2 specific. See http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.htmlfor the available metrics for other namespaces.
"AWS/EC2"
If undefined, LogStash will complain, even if codec is unused.The service namespace of the metrics to fetch.
The default is for the EC2 service. See http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.htmlfor valid values.
300
Set the granularity of the returned datapoints.
Must be at least 60 seconds and in multiples of 60.
URI to proxy server if required
The AWS IAM Role to assume, if any.This is used to generate temporary credentials, typically for cross-account access.See the AssumeRole API documentation for more information.
"logstash"
Session name to use when assuming an IAM role.
The AWS Secret Access Key
The AWS Session token for temporary credential
["SampleCount", "Average", "Minimum", "Maximum", "Sum"]
Specify the statistics to fetch for each namespace
true
Make sure we require the V1 classes when including this module.require aws-sdk will load v2 classes.Should we require (true) or disable (false) using SSL for communicating with the AWS APIThe AWS SDK for Ruby defaults to SSL so we preserve that
The following configuration options are supported by all input plugins:
"plain"
The codec used for input data. Input codecs are a convenient method for decoding your data before it enters the input, without needing a separate filter in your Logstash pipeline.
true
Disable or enable metric logging for this specific plugin instanceby default we record all the metrics we can, but you can disable metrics collectionfor a specific plugin.
Add a unique ID
to the plugin configuration. If no ID is specified, Logstash will generate one.It is strongly recommended to set this ID in your configuration. This is particularly usefulwhen you have two or more plugins of the same type, for example, if you have 2 cloudwatch inputs.Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.
input { cloudwatch { id => "my_plugin_id" }}
Add any number of arbitrary tags to your event.
This can help with processing later.
Add a type
field to all events handled by this input.
Types are used mainly for filter activation.
The type is stored as part of the event itself, so you canalso use the type to search for it in Kibana.
If you try to set a type on an event that already has one (forexample when you send an event from a shipper to an indexer) thena new input will not override the existing type. A type set atthe shipper stays with that event for its life evenwhen sent to another Logstash server.