All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What should a stream metric regex look like for AWS Addon CloudWatchLogs

gesa_behrens
Path Finder
‎09-04-2019 11:32 PM

Hello
I need to stream access_logs from aws from different directories such as
/directory/subdirectory1/subdirectory2/subdirectory3/various cryptic numbers/var/log/apache2/access.log.

I would need something like /ecs/service/apache-tls10/PROD-apache-tls10/*/var/log/apache2/access.log because
.*/var/log/apache2/access.log sends to many logs since there are other directories in the log_group starting with a different directory name which we do not need to index.
Reading docs and splunk answers did not point me to a useful example explaining exactly what a 'stream matching regex' should look like. What ever I try I find this entry in internal:
2019-09-05 06:04:01,758 level=ERROR pid=19218 tid=MainThread logger=splunk_ta_aws.modinputs.inspector pos=util.py:call:163 | | message="Failed to execute function=run, error=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/splunktalib/common/util.py", line 160, in __call_
return func(*args, **kwargs)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/modinputs/inspector/init.py", line 53, in run
do_run()
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/modinputs/inspector/init.py", line 30, in _do_run
aiconf.AWSInspectorConf, "aws_inspector", logger)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/common/ta_aws_common.py", line 136, in get_configs
tasks = conf.get_tasks()
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/modinputs/inspector/aws_inspector_conf.py", line 60, in get_tasks
_cleanup_checkpoints(tasks, config)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunk_ta_aws/modinputs/inspector/aws_inspector_conf.py", line 119, in _cleanup_checkpoints
internals = store.get_state("internals")
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/3rdparty/splunktalib/state_store.py", line 155, in get_state
state = json.load(jsonfile)
File "/opt/splunk/lib/python2.7/json/init.py", line 291, in load
**kw)
File "/opt/splunk/lib/python2.7/json/init_.py", line 339, in loads
return _default_decoder.decode(s)
File "/opt/splunk/lib/python2.7/json/decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/opt/splunk/lib/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
"

can anyone provide an example for that please?

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...