We wanted to have diff. log groups for each server in cloudwatch and for each server we would have for ie. secure logstreams. So for example, I would have 3 log groups: testServerA, testServerB,testServerC and under each of those groups, I would have logstream1 with data.
I want to be able to get all the logstream1 data for testServerA/B/C. Can I have an input with log group: testServer* and stream matching regex of logstream1?
Per the docs, wildcards are not supported at this time for log group names. http://docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatchLogs
I am also having this issue. I have tried * and .+ regex but it won't work. It is requiring the exact log group name.
Hi Michael,
I see the new version of this add-on was released on Oct13 viz. 4.1.1.
Have you upgraded to new version of this add-on? If yes, is the regex working in new version? I do not see any release notes for the new version of add-on, so in a dark here on what was fixed and what not.
https://answers.splunk.com/answers/473926/after-upgrading-the-splunk-add-on-for-amazon-web-s.html
I have a similar question too.
I have multiple log groups like:
/aws/sample/Pattern1-random1-random2
/aws/sample/Pattern1-random3-random4
/aws/sample/Pattern1-random5-random6-random7
How do I specify a regular expression in "Log Group" Name that satisfies all these?
I have tried /aws/sample/Pattern1*
, /aws/sample/Pattern1[-A-Za-z]+
and a bunch of others.
But I receive this error:
{u'message': u"2 validation errors detected: Value '' at 'logGroupName' failed to satisfy constraint: Member must have length greater than or equal to 1; Value '' at 'logGroupName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\\.\\-_/#A-Za-z0-9]+", u'__type': u'InvalidParameterException'}
Does anyone has any thoughts on this?
It doesn't look like there is currently a work around. According to the regex in the error, you can only have digits, letters, ".", "-", "_", and "/". This sound to me like its not using regex to find the log group name.