Configure logstash to read logs from Amazon S3 bucket

Asked Aug 05 '15 at 13:39

Active Aug 06 '15 at 12:43

Viewed 5,951 times

I have been trying to configure logstash to read logs which are getting generated in my amazon S3 bucket, but have not been successful. Below are the details :

I have installed logstash on an ec2 instance
My logs are all gz files in the s3 bucket
The conf file looks like below :

  input {
    s3 {
      access_key_id => "MY_ACCESS_KEY_ID"
      bucket => "MY_BUCKET"
      region => "MY_REGION"
      secret_access_key => "MY_SECRET_ACESS_KEY"
      prefix => "/"
      type => "s3"
      add_field => { source => gzfiles }
    }
  }

  filter {
    if [type] == "s3" {
      csv {
        columns => [ "date", "time", "x-edge-location", "sc-bytes", "c-ip", "cs-method", "Host", "cs-uri-stem", "sc-status", "Referer", "User-Agent", "cs-uri-query", "Cookie", "x-edge-result-type", "x-edge-request-id" ]  
      }
    }

    if([message] =~ /^#/) {
      drop{}
    } 
  }

  output {
    elasticsearch {
      host => "ELASTICSEARCH_URL" protocol => "http"
    } 
  }

edited Aug 06 '15 at 12:43

Franck

asked Aug 05 '15 at 13:39

user1697058

Do you have any error in the log file? – mherbert Aug 05 '15 at 14:28
Nopes. Added separator => "\t" within csv to get it working. – user1697058 Aug 06 '15 at 14:53

Configure logstash to read logs from Amazon S3 bucket

0 Answers0