elastic / elastic-serverless-forwarder

Elastic Serverless Forwarder

Support wildcard for cloudwatch logs input ids #334

Open dchocoboo opened 1 year ago

dchocoboo commented 1 year ago

Currently in the inputs I specify in the block:

- type: "cloudwatch-logs"
  id: "arn:aws:logs:ap-southeast-1:awsaccountid:log-group:myloggroup:*"
  outputs:
    - type: "elasticsearch"
      args:
        cloud_id: "${elastic_cloud_id}"
        api_key: "${elastic_api_key}"
        es_datastream_name: "logs-generic-default"
        batch_max_actions: 500 # optional: default value is 500
        batch_max_bytes: 10485760 # optional: default value is 10485760

It would be nice if the log group could also use a wildcard, instead of just the log stream.

arn:aws:logs:ap-southeast-1:awsaccountid:log-group:application1-loggroup-*:*
arn:aws:logs:ap-southeast-1:awsaccountid:log-group:application2-loggroup-*:*

Currently I have massive amounts of log groups to be ingested, while their outputs are identical. It's really redundant to loop over every single one of them.

girodav commented 1 year ago

Hey @dchocoboo, apologies for the long delay. I added this to our backlog and will let you know :).

dimuskin commented 8 months ago

Hey, this functionality would be very cool, we also have a large number of groups and it is very inconvenient to make a configuration for each.

LiamStorkey commented 4 months ago

👍🏻 would love this to be available too 🙏🏻

keiransteele-phocas commented 3 months ago

We were recommended the Serverless Forwarder by Elastic Support to help replace the 50+ integrations we are using in an Elastic Fleet policy to get logs out of CloudWatch, but without wildcards it unfortunately becomes a non-starter. I have been trying to make the DX for getting logs into Elastic from a number of apps and, as most remaining logs going into CloudWatch will be from Lambdas, it will degrade the experience to require a config file in S3 to be updated when a simple naming scheme would be better. Hopefully you can give an update if this is being worked on.
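Editor's added example, not part of any comment above and not code from the elastic-serverless-forwarder project: until log-group wildcards are supported, the per-group `inputs` entries requested in the first post (and the naming-scheme approach from the last comment) can be generated from a wildcard ARN pattern instead of being written by hand. The function names and the sample log-group names are assumptions made for this sketch; in practice the names would come from a CloudWatch Logs `DescribeLogGroups` listing.

```python
from fnmatch import fnmatchcase

# Constructed sample: log group names as an account listing might return them.
SAMPLE_LOG_GROUPS = [
    "application1-loggroup-api",
    "application1-loggroup-worker",
    "application2-loggroup-web",
    "unrelated-loggroup",
]

# Shared output block, copied from the configuration in the first post.
OUTPUT_BLOCK = '''\
    outputs:
      - type: "elasticsearch"
        args:
          cloud_id: "${elastic_cloud_id}"
          api_key: "${elastic_api_key}"
          es_datastream_name: "logs-generic-default"
'''


def expand_pattern(arn_pattern, log_group_names):
    """Return the concrete log-group ARNs matched by a wildcard ARN pattern."""
    parts = arn_pattern.split(":")
    # Expected shape: arn:aws:logs:<region>:<account>:log-group:<name glob>:*
    if len(parts) != 8 or parts[5] != "log-group" or parts[7] != "*":
        raise ValueError(f"not a log-group ARN pattern: {arn_pattern}")
    prefix, name_glob = ":".join(parts[:6]), parts[6]
    # Case-sensitive glob match on the log group name only, never on the
    # region or account fields, so a pattern cannot widen beyond its account.
    return [f"{prefix}:{name}:*" for name in sorted(log_group_names)
            if fnmatchcase(name, name_glob)]


def render_inputs(arn_patterns, log_group_names):
    """Render an `inputs:` section with one entry per matched log group."""
    seen, chunks = set(), ["inputs:\n"]
    for pattern in arn_patterns:
        for arn in expand_pattern(pattern, log_group_names):
            if arn in seen:  # overlapping patterns must not duplicate an input
                continue
            seen.add(arn)
            chunks.append(f'  - type: "cloudwatch-logs"\n    id: "{arn}"\n{OUTPUT_BLOCK}')
    return "".join(chunks)


if __name__ == "__main__":
    base = "arn:aws:logs:ap-southeast-1:awsaccountid:log-group:"
    patterns = [base + "application1-loggroup-*:*", base + "application2-loggroup-*:*"]
    print(render_inputs(patterns, SAMPLE_LOG_GROUPS))
```

Regenerating the file whenever log groups are created still means updating the config in S3, which is the step the commenters want to avoid; the sketch only removes the manual repetition.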