slooring/alb-logs-into-elk

Get Amazon ALB logs into your ELK stack

AWS ALB/ELB Logs for ELK

Usage

1. Setup an S3 Bucket for your logs from your AWS LB. Check this link out for more information on how to do that: AWS S3 Bucket LB Logs Setup
2. Configure an S3 input for your logstash instance, you can use the logstash-input-s3.conf here as a reference. Additional reference for the s3 input can be found here: Logstash s3 input plugin
3. Copy the filter (logstash-filter-alb-logs.conf) into your logstash configuration. This is the "meat and potatoes" that does the parsing of the ALB logs
4. Configure you output to elasticsearch (logstash-output-elasticsearch.conf for reference)
5. Load the grafana-dashboard.json into your Grafana instance (sorry no Kibana dashboard at this time)
6. ???
7. Profit

Requirements

• ELK Stack
• Grafana
  • Grafana plugins
    • Worldmap
    • Piechart