
What should a stream metric regex look like for AWS Addon CloudWatchLogs

Hello
I need to stream access_logs from AWS from different directories such as
/directory/subdirectory1/subdirectory2/subdirectory3/various cryptic numbers/var/log/apache2/access.log.

I would need something like /ecs/service/apache-tls10/PROD-apache-tls10/*/var/log/apache2/access.log because
.*/var/log/apache2/access.log sends too many logs, since there are other directories in the log group starting with a different directory name which we do not need to index.
Reading the docs and Splunk Answers did not point me to a useful example explaining exactly what a 'stream matching regex' should look like. Whatever I try, I find this entry in _internal:
2019-09-05 06:04:01,758 level=ERROR pid=19218 tid=MainThread logger=splunk
taaws.modinputs.inspector pos=util.py:call:163 | | message="Failed to execute function=run, error=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk
TAaws/bin/3rdparty/splunktalib/common/util.py", line 160, in _call__
return func(args, *kwargs)
File "/opt/splunk/etc/apps/SplunkTAaws/bin/splunktaaws/modinputs/inspector/init.py", line 53, in run
dorun()
File "/opt/splunk/etc/apps/SplunkTAaws/bin/splunktaaws/modinputs/inspector/init.py", line 30, in dorun
aiconf.AWSInspectorConf, "awsinspector", logger)
File "/opt/splunk/etc/apps/Splunk
TAaws/bin/splunktaaws/common/taawscommon.py", line 136, in getconfigs
tasks = conf.gettasks()
File "/opt/splunk/etc/apps/Splunk
TAaws/bin/splunktaaws/modinputs/inspector/awsinspectorconf.py", line 60, in gettasks
cleanupcheckpoints(tasks, config)
File "/opt/splunk/etc/apps/SplunkTAaws/bin/splunktaaws/modinputs/inspector/awsinspectorconf.py", line 119, in cleanupcheckpoints
internals = store.getstate("internals")
File "/opt/splunk/etc/apps/Splunk
TAaws/bin/3rdparty/splunktalib/statestore.py", line 155, in getstate
state = json.load(jsonfile)
File "/opt/splunk/lib/python2.7/json/
init.py", line 291, in load
**kw)
File "/opt/splunk/lib/python2.7/json/
init.py", line 339, in loads
return _default
decoder.decode(s)
File "/opt/splunk/lib/python2.7/json/decoder.py", line 364, in decode
obj, end = self.rawdecode(s, idx=w(s, 0).end())
File "/opt/splunk/lib/python2.7/json/decoder.py", line 382, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
"

Can anyone provide an example for that, please?

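An added example, not part of the original post and not the add-on's own code: it compares the two patterns quoted in the question with an anchored regex that allows exactly one path segment where the glob used `*`. It assumes the stream matcher is evaluated with Python's `re` module (the traceback shows the add-on running on Python 2.7); the stream names are constructed samples, and the names `STREAMS`, `TOO_BROAD`, `GLOB_STYLE`, `ANCHORED` and `matched` are hypothetical.

```python
import re

# Constructed log stream names for illustration (not taken from the post).
STREAMS = [
    "/ecs/service/apache-tls10/PROD-apache-tls10/3f2a9c1e7b/var/log/apache2/access.log",
    "/ecs/service/apache-tls10/PROD-apache-tls10/91d0e4/var/log/apache2/access.log",
    "/ecs/service/apache-tls10/PROD-apache-tls10/3f2a9c1e7b/var/log/apache2/error.log",
    "/ecs/service/other-app/PROD-other-app/77aa01/var/log/apache2/access.log",
    "/ecs/service/apache-tls10/PROD-apache-tls10/3f2a9c1e7b/var/log/apache2/access.log.1",
]

# Pattern from the question that selects too much: any prefix is accepted.
TOO_BROAD = r".*/var/log/apache2/access.log"

# Glob-style pattern from the question. As a regex, "/*" means
# "zero or more slashes", not "any directory name".
GLOB_STYLE = r"/ecs/service/apache-tls10/PROD-apache-tls10/*/var/log/apache2/access.log"

# Anchored regex: fixed prefix, exactly one path segment ([^/]+),
# fixed suffix, and an escaped dot so "." is literal.
ANCHORED = r"^/ecs/service/apache-tls10/PROD-apache-tls10/[^/]+/var/log/apache2/access\.log$"


def matched(pattern, names=STREAMS, how="match"):
    """Return the names selected by pattern.

    how is "match", "search" or "fullmatch". Which of these the add-on
    uses is not stated on the page, so the explicit ^...$ anchors are
    there to make the result the same under all three.
    """
    test = getattr(re.compile(pattern), how)
    return [name for name in names if test(name)]


if __name__ == "__main__":
    for label, pattern in (("too broad", TOO_BROAD),
                           ("glob style", GLOB_STYLE),
                           ("anchored", ANCHORED)):
        print(label)
        for name in matched(pattern):
            print("  ", name)
```
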