I am trying to forward all AWS ECS logs to Logstash. Checking some documentation for that I only found ways to have specific Cloudwatch logs groups defined:
input {
cloudwatch_logs {
log_group => ["/aws/ecs/a","/aws/ecs/b","/aws/ecs/c","/aws/ecs/d","/aws/ecs/e","/aws/ecs/f"]
start_position => "end"
access_key_id => "<access_key>"
secret_access_key => "<secret_access_key>"
region => "eu-west-2"
tags => ["cloudwatch_syslog"]
}
}
Is any way to forward all logs inside "/aws/ecs/*"?
Other nice solution possible?
Using AWS Firelens for log forwarding works fine.
https://docs.newrelic.com/docs/logs/forward-logs/aws-firelens-plugin-log-forwarding/