Hi All,
I'm using elastic.co hosted solution, the way to reproduce the error is:
- Create an Agent policy
- Add Custom AWS Log package/integration.
- Enable "Collect Logs from CloudWatch"
- Enter a "Log group ARN", "Region Name" and "Log Stream Prefix"
- Save and apply.
After doing that, you will notice that property "Log Stream Prefix" is not used. The reason seems to be the following one:
There exist a key mismatch between the field manifest for log_streamS_prefix (streams in plural) defined in manifest (
|
- name: log_streams_prefix |
) and
log_stream_prefix (stream in singular) used in the template file:
|
log_stream_prefix: {{ log_stream_prefix }} |
The workaround I'm using right now is to do what was described in steps 2-4 using the API (POST, api/fleet/package_policies) and push my package with both keys in vars section of the json sent.
I hope you guys can take this and fix it soon in reward all the hours I spent tracing this bug. :)
Hi All,
I'm using elastic.co hosted solution, the way to reproduce the error is:
After doing that, you will notice that property "Log Stream Prefix" is not used. The reason seems to be the following one:
There exist a key mismatch between the field manifest for
log_streamS_prefix(streams in plural) defined in manifest (integrations/packages/aws_logs/data_stream/generic/manifest.yml
Line 45 in 6c883f3
log_stream_prefix(stream in singular) used in the template file:integrations/packages/aws_logs/data_stream/generic/agent/stream/aws-cloudwatch.yml.hbs
Line 43 in 6c883f3
The workaround I'm using right now is to do what was described in steps 2-4 using the API (POST,
api/fleet/package_policies) and push my package with both keys invarssection of the json sent.I hope you guys can take this and fix it soon in reward all the hours I spent tracing this bug. :)