Can we use wildcards to for multiple entries.

lukewaite / logstash-input-cloudwatch-logs

Input plugin for Logstash to stream events from CloudWatch Logs

Other

142 stars 74 forks source link

Can we use wildcards to for multiple entries. #53

Open Shri-Harsha opened 6 years ago

Shri-Harsha commented 6 years ago

Mr. Luke, Can we use wildcards to take multiple entries, which follows same pattern(at least some part), as input?

Hainguyen1210 commented 6 years ago

I am looking for the same thing, It would be great to have.

vacri commented 6 years ago

Wildcards are available, but not as actual wildcard characters. 'log_group_prefix' changes the 'log_group' entry so that it will grab all log groups beginning with that prefix, rather than an exact match.

    cloudwatch_logs {
        log_group => [ "/prod" ]
        log_group_prefix => true
        tags => ["prod"]
    }

The above config fetches all my cloudwatch logs that start with "/prod"

Edit: while this is not strictly wildcarding, it does allow you to grab groups of logs with partial config.