
In the Splunk Add-on for Amazon Web Services input page, can I use a wildcard for the log group field?

odoisneau
Engager

We wanted to have different log groups for each server in CloudWatch, and for each server we would have, for example, secure log streams. So for example, I would have 3 log groups: testServerA, testServerB, testServerC, and under each of those groups, I would have logstream1 with data.

I want to be able to get all the logstream1 data for testServerA/B/C. Can I have an input with log group: testServer* and stream matching regex of logstream1?

rpille_splunk
Splunk Employee

Per the docs, wildcards are not supported at this time for log group names. http://docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatchLogs

0 Karma

michael_kushma
Path Finder

I am also having this issue. I have tried * and .+ regex but it won't work. It is requiring the exact log group name.

0 Karma

vsingla1
Communicator

Hi Michael,
I see the new version of this add-on, viz. 4.1.1, was released on Oct 13.
Have you upgraded to the new version of this add-on? If yes, is the regex working in the new version? I do not see any release notes for the new version of the add-on, so I am in the dark here on what was fixed and what was not.

https://answers.splunk.com/answers/473926/after-upgrading-the-splunk-add-on-for-amazon-web-s.html

0 Karma

vsingla1
Communicator

I have a similar question too.

I have multiple log groups like:

/aws/sample/Pattern1-random1-random2
/aws/sample/Pattern1-random3-random4
/aws/sample/Pattern1-random5-random6-random7

How do I specify a regular expression in "Log Group" Name that satisfies all these?
I have tried /aws/sample/Pattern1*, /aws/sample/Pattern1[-A-Za-z]+ and a bunch of others.

But I receive this error:

{u'message': u"2 validation errors detected: Value '' at 'logGroupName' failed to satisfy constraint: Member must have length greater than or equal to 1; Value '' at 'logGroupName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\\.\\-_/#A-Za-z0-9]+", u'__type': u'InvalidParameterException'}
0 Karma

vsingla1
Communicator

Does anyone have any thoughts on this?

0 Karma

michael_kushma
Path Finder

It doesn't look like there is currently a workaround. According to the regex in the error, you can only have digits, letters, ".", "-", "_", and "/". This sounds to me like it's not using regex to find the log group name.

0 Karma
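
The following is an added example, not code from any poster or from the add-on. It checks candidate "Log Group" values against the `logGroupName` pattern quoted in the error above, then expands a wildcard into the exact names it covers so that each can be configured as its own input. The function names are hypothetical, and the list of existing log groups is constructed; in practice it would come from listing the log groups in the account.

```python
import fnmatch
import re

# Character-class constraint quoted in the InvalidParameterException above.
LOG_GROUP_NAME_RE = re.compile(r"[\.\-_/#A-Za-z0-9]+")


def is_valid_log_group_name(value):
    """True if value meets the length >= 1 and pattern constraints."""
    return bool(value) and LOG_GROUP_NAME_RE.fullmatch(value) is not None


def expand_log_groups(glob_pattern, existing_groups):
    """Expand a shell-style wildcard into the exact, valid names it covers."""
    matches = [g for g in existing_groups
               if fnmatch.fnmatchcase(g, glob_pattern)]
    return sorted(g for g in matches if is_valid_log_group_name(g))


def check_candidates(candidates):
    """Map each candidate field value to whether it passes validation."""
    return {c: is_valid_log_group_name(c) for c in candidates}


# Constructed sample: log group names taken from the posts above,
# plus one unrelated group to show that it is filtered out.
EXISTING_GROUPS = [
    "/aws/sample/Pattern1-random1-random2",
    "/aws/sample/Pattern1-random3-random4",
    "/aws/sample/Pattern1-random5-random6-random7",
    "/aws/sample/Other-random8",
    "testServerA",
    "testServerB",
    "testServerC",
]

if __name__ == "__main__":
    tried = ["/aws/sample/Pattern1*", "/aws/sample/Pattern1[-A-Za-z]+",
             "testServer*", ""]
    for value, ok in check_candidates(tried).items():
        print(f"{value!r:40} valid={ok}")
    for pattern in ("/aws/sample/Pattern1*", "testServer*"):
        print(pattern, "->", expand_log_groups(pattern, EXISTING_GROUPS))
```

Re-running the expansion whenever servers are added keeps new log groups from being silently left out of ingestion.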