In the Splunk Add-on for Amazon Web Services input page, can I use a wildcard for the log group field?

odoisneau
Engager

We wanted to have different log groups for each server in CloudWatch, and for each server we would have, e.g., secure logstreams. So, for example, I would have 3 log groups: testServerA, testServerB, testServerC, and under each of those groups I would have logstream1 with data.

I want to be able to get all the logstream1 data for testServerA/B/C. Can I have an input with log group: testServer* and stream matching regex of logstream1?

rpille_splunk
Splunk Employee

Per the docs, wildcards are not supported at this time for log group names. http://docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatchLogs

0 Karma

michael_kushma
Path Finder

I am also having this issue. I have tried * and .+ regex but it won't work. It is requiring the exact log group name.

0 Karma

vsingla1
Communicator

Hi Michael,
I see the new version of this add-on, viz. 4.1.1, was released on Oct 13.
Have you upgraded to the new version of this add-on? If yes, is the regex working in the new version? I do not see any release notes for the new version of the add-on, so I am in the dark here on what was fixed and what was not.

https://answers.splunk.com/answers/473926/after-upgrading-the-splunk-add-on-for-amazon-web-s.html

0 Karma

vsingla1
Communicator

I have a similar question too.

I have multiple log groups like:

/aws/sample/Pattern1-random1-random2
/aws/sample/Pattern1-random3-random4
/aws/sample/Pattern1-random5-random6-random7

How do I specify a regular expression in "Log Group" Name that satisfies all these?
I have tried /aws/sample/Pattern1*, /aws/sample/Pattern1[-A-Za-z]+ and a bunch of others.

But I receive this error:

{u'message': u"2 validation errors detected: Value '' at 'logGroupName' failed to satisfy constraint: Member must have length greater than or equal to 1; Value '' at 'logGroupName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\\.\\-_/#A-Za-z0-9]+", u'__type': u'InvalidParameterException'}
0 Karma

vsingla1
Communicator

Does anyone have any thoughts on this?

0 Karma

michael_kushma
Path Finder

It doesn't look like there is currently a workaround. According to the regex in the error, you can only have digits, letters, ".", "-", "_", and "/". This sounds to me like it's not using regex to find the log group name.

0 Karma
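
An added example, not part of the thread or of the add-on's code: it checks a candidate name against the `logGroupName` constraint quoted in the error above, and expands a wildcard client-side into the exact names an input needs. The list of existing group names is constructed here from the names in the thread; obtaining it from your account (for instance with the CloudWatch Logs DescribeLogGroups API) is assumed to happen separately.

```python
import re
from fnmatch import fnmatchcase

# Character constraint quoted in the InvalidParameterException above.
LOG_GROUP_NAME_RE = re.compile(r"[\.\-_/#A-Za-z0-9]+")


def is_valid_log_group_name(name):
    """True if name meets the minimum length and the logGroupName pattern."""
    return len(name) >= 1 and LOG_GROUP_NAME_RE.fullmatch(name) is not None


def expand_log_group_pattern(pattern, known_groups):
    """Expand a shell-style wildcard into exact, valid log group names.

    The matching happens locally; only literal names are returned, so each
    one can be entered as-is in the "Log Group" field.
    """
    return sorted(
        group for group in known_groups
        if is_valid_log_group_name(group) and fnmatchcase(group, pattern)
    )


# Constructed sample data, built from the group names used in the thread.
KNOWN_GROUPS = [
    "testServerA",
    "testServerB",
    "testServerC",
    "otherServer",
    "/aws/sample/Pattern1-random1-random2",
    "/aws/sample/Pattern1-random3-random4",
    "/aws/sample/Pattern1-random5-random6-random7",
    "/aws/sample/Pattern2-random8",
]

if __name__ == "__main__":
    for candidate in ("testServer*", "/aws/sample/Pattern1[-A-Za-z]+"):
        # '*', '[', ']' and '+' are outside the allowed character set.
        print(candidate, "valid as a literal name:",
              is_valid_log_group_name(candidate))
    for pattern in ("testServer*", "/aws/sample/Pattern1*"):
        print(pattern, "->", expand_log_group_pattern(pattern, KNOWN_GROUPS))
```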