I am currently using AWS Elasticsearch service. AWS CloudWatch sends the log data to AWS Elasticsearch.
I have daily indexes created as below through a Lambda function which sends the CloudWatch logs to AWS Elasticsearch.
cwl-2019.01.23
cwl-2019.01.22
cwl-2019.01.21
I could not explore this index data through Graylog. I don’t want to create an input on Graylog. I just want to explore the already existing Elasticsearch data in Graylog. Is it possible or not?
Thanks for the response. Why impossible? How can I use Graylog with AWS Elasticsearch & AWS CloudWatch Logs?
As I understand, I must ingest logs into Graylog somehow and Graylog writes to Elasticsearch, but I could not find a way for AWS CloudWatch logs.
Why impossible? How can I use Graylog with AWS Elasticsearch & AWS CloudWatch Logs?
I do not say it is impossible - but I wrote that what you request is not possible.
As @macko003 wrote, Graylog needs to process the message, as some additional (meta) information is stored together with the message, such as which user is allowed to see the information, etc. That is why you would need to ingest the AWS logs into Graylog, let Graylog process the messages and then store them in AWS Elasticsearch.
Graylog is not like Kibana; that is the reason why what you request is not possible.
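The ingestion step described in the reply above, as an added example that is not part of the original thread: it decodes the base64+gzip payload that a CloudWatch Logs subscription delivers to a Lambda function and reshapes each log event into a GELF 1.1 message that a Graylog GELF input could accept. The additional field names (`_log_stream`, `_aws_account`, `_cwl_event_id`) and the sample event are assumptions constructed for illustration; sending the messages to Graylog is left out.

```python
import base64
import gzip
import json

def decode_cwl_event(event):
    """Decode the base64+gzip payload CloudWatch Logs hands to a subscribed Lambda."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw))

def to_gelf(payload):
    """Turn one decoded subscription payload into a list of GELF 1.1 dicts."""
    if payload.get("messageType") != "DATA_MESSAGE":
        return []  # CONTROL_MESSAGE is a delivery check and carries no logs
    out = []
    for ev in payload.get("logEvents", []):
        text = ev.get("message", "").rstrip("\n")
        if not text.strip():
            continue  # GELF requires a non-empty short_message
        first_line = text.split("\n", 1)[0]
        msg = {
            "version": "1.1",
            "host": payload["logGroup"],
            "short_message": first_line,
            "timestamp": ev["timestamp"] / 1000.0,  # CloudWatch: ms, GELF: seconds
            "_log_stream": payload["logStream"],    # hypothetical field names
            "_aws_account": payload["owner"],
            "_cwl_event_id": ev["id"],
        }
        if first_line != text:
            msg["full_message"] = text  # keep multi-line bodies such as stack traces
        out.append(msg)
    return out

def build_sample_event():
    """Constructed sample: what the Lambda would receive for two log events."""
    payload = {
        "messageType": "DATA_MESSAGE", "owner": "123456789012",
        "logGroup": "/aws/lambda/example-app", "logStream": "constructed-stream",
        "logEvents": [
            {"id": "1", "timestamp": 1548230400000, "message": "login ok user=alice\n"},
            {"id": "2", "timestamp": 1548230401500,
             "message": "Traceback (most recent call last):\n  ValueError: bad token"},
        ],
    }
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}

if __name__ == "__main__":
    for m in to_gelf(decode_cwl_event(build_sample_event())):
        print(json.dumps(m))
```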
Hi,
I am rather new to Graylog and log monitoring, but I am glad I found this post the other day. I have been trying to figure out the same issue for almost 3 months now.
In addition to the last posts, would it be possible to create a pipeline for logs from Filebeat, into Logstash, into Graylog, then into Elasticsearch?
If it is not allowed to ask “new” questions in one post, then just tell me and I will start a new discussion.