Skip to content

Instantly share code, notes, and snippets.

@BrockReece

BrockReece/cloudwatch-pipeline.conf

Last active September 10, 2020 18:16
Show Gist options
  • Save BrockReece/01162ce1a55a9c4137d87b520c72772a to your computer and use it in GitHub Desktop.
Save BrockReece/01162ce1a55a9c4137d87b520c72772a to your computer and use it in GitHub Desktop.
Download ZIP
Logstash cloudwatch output sample pipeline
Raw
cloudwatch-pipeline.conf
input {
http_poller {
urls => {
node => {
method => get
url => "http://localhost:9200/_cluster/health"
headers => {
Accept => "application/json"
}
}
}
request_timeout => 10
interval => 10
codec => "json"
type => 'cloudwatch'
}
}
filter {
if [type] == "cloudwatch" {
mutate {
add_field => ["CW_metricname", "ElasticNodes"]
add_field => ["CW_unit", "Count"]
add_field => ["CW_value", "%{number_of_nodes}"]
add_field => ["CW_dimensions", "Cluster", "CW_dimensions", "%{cluster_name}"]
}
}
}
output {
if [type] == "cloudwatch" {
cloudwatch {
access_key_id => "MYACCESSID"
secret_access_key => "SECRET"
region => "eu-west-1"
}
}
}
@takeansel
Copy link

Does this actually work for you? I am having multiple fields send to cloudwatch, but it only just ends up one metric in cloudwatch.

    mutate {
      add_field => ["CW_metricname", "technicalErrors","CW_metricname","nodes"]
      add_field => ["CW_unit", "Count", "CW_unit", "Count"]
      add_field => ["CW_value", "%{[total][technicalErrors]}", "CW_value", "%{[total][nodes]}"]
    }

just reports technicalErrors and drops nodes.

Did you ever figured out how to send multiple fields?

Also following up on this -- any solution or comment on this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment