How to see IP Address behind Log Streams to CloudWatchAmazon Cloudwatch log filtering - JSON syntaxAWS Firehose not delivering to Redshift - where are the logs?Parse Cloudwatch Log Already Exported to S3AWS Kinesis Connector LibraryAWS Kinesis Firehose is not inserting data in RedshiftCan I stream CloudWatch log group to lambda from another account?Kinesis Agent reports error from python stream dataHow to preserve order of CloudWatch log stream events when transmitting them into another system?An error occurred (InvalidParameterException) when calling the PutSubscriptionFilter operation
What did the Federation give the Prophets in exchange for access to the wormhole in DS9?
Rank-one positive decomposition for a entry-wise positive positive definite matrix
How to level a picture frame hung on a single nail?
IEEE 754 square root with Newton-Raphson
"Tenersi pronto" = to get ready or to be ready
How important is knowledge of trig identities for use in Calculus
How can I find places to store/land a private airplane?
Notation clarity question for a conglomerate of accidentals
Realistically, how much do you need to start investing?
Does the US Armed Forces refuse to recruit anyone with an IQ less than 83?
Isn't the detector always measuring, and thus always collapsing the state?
Can I bring this power bank on board the aircraft?
When Vesuvan Shapeshifter copies turn face up replacement effects, why do they work?
Missing quartile in boxplot
What is the difference between increasing volume and increasing gain?
How to identify whether a publisher is genuine or not?
Booting Ubuntu from USB drive on MSI motherboard -- EVERYTHING fails
Ĉi tie or ĉi-tie? Why do people sometimes hyphenate ĉi tie?
Re-entering the UK after overstaying in 2008
What action is recommended if your accommodation refuses to let you leave without paying additional fees?
Decision Variable Value from a Set (Gurobi)
GPLv3 forces us to make code available, but to who?
How closely correlated is culture to geography?
Could the Queen overturn the UK Supreme Court ruling regarding prorogation of Parliament?
How to see IP Address behind Log Streams to CloudWatch
Amazon Cloudwatch log filtering - JSON syntaxAWS Firehose not delivering to Redshift - where are the logs?Parse Cloudwatch Log Already Exported to S3AWS Kinesis Connector LibraryAWS Kinesis Firehose is not inserting data in RedshiftCan I stream CloudWatch log group to lambda from another account?Kinesis Agent reports error from python stream dataHow to preserve order of CloudWatch log stream events when transmitting them into another system?An error occurred (InvalidParameterException) when calling the PutSubscriptionFilter operation
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;
I am currently using the Python library watchtower to stream JSON log files from a device to CloudWatch.
I now want to use AWS Kinesis Data Firehose to move the logs to Redshift. I am following this tutorial: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#FirehoseExample
I am now setting up a subscription filter to move the logs. I would like to filter by the IP address the logs are streamed from. This article discusses implementing filters. Here is what I found:
$.sourceIPAddress != 123.123.*
The only problem is, I don't know how if CloudWatch even stores the source IP Address. Is there some way to query CloudWatch to get the source IP address?
amazon-web-services aws-cli amazon-kinesis-firehose amazon-cloudwatch
edited Mar 28 at 21:23
rene
35k12 gold badges85 silver badges117 bronze badges
asked Mar 28 at 21:03
Intrastellar ExplorerIntrastellar Explorer
31415 bronze badges
add a comment
|
I am currently using the Python library watchtower to stream JSON log files from a device to CloudWatch.
I now want to use AWS Kinesis Data Firehose to move the logs to Redshift. I am following this tutorial: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#FirehoseExample
I am now setting up a subscription filter to move the logs. I would like to filter by the IP address the logs are streamed from. This article discusses implementing filters. Here is what I found:
$.sourceIPAddress != 123.123.*
The only problem is, I don't know how if CloudWatch even stores the source IP Address. Is there some way to query CloudWatch to get the source IP address?
amazon-web-services aws-cli amazon-kinesis-firehose amazon-cloudwatch
edited Mar 28 at 21:23
rene
35k12 gold badges85 silver badges117 bronze badges
asked Mar 28 at 21:03
Intrastellar ExplorerIntrastellar Explorer
31415 bronze badges
add a comment
|
I am currently using the Python library watchtower to stream JSON log files from a device to CloudWatch.
I now want to use AWS Kinesis Data Firehose to move the logs to Redshift. I am following this tutorial: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#FirehoseExample
I am now setting up a subscription filter to move the logs. I would like to filter by the IP address the logs are streamed from. This article discusses implementing filters. Here is what I found:
$.sourceIPAddress != 123.123.*
The only problem is, I don't know how if CloudWatch even stores the source IP Address. Is there some way to query CloudWatch to get the source IP address?
amazon-web-services aws-cli amazon-kinesis-firehose amazon-cloudwatch
edited Mar 28 at 21:23
rene
35k12 gold badges85 silver badges117 bronze badges
asked Mar 28 at 21:03
Intrastellar ExplorerIntrastellar Explorer
31415 bronze badges
I am currently using the Python library watchtower to stream JSON log files from a device to CloudWatch.
I now want to use AWS Kinesis Data Firehose to move the logs to Redshift. I am following this tutorial: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#FirehoseExample
I am now setting up a subscription filter to move the logs. I would like to filter by the IP address the logs are streamed from. This article discusses implementing filters. Here is what I found:
$.sourceIPAddress != 123.123.*
The only problem is, I don't know how if CloudWatch even stores the source IP Address. Is there some way to query CloudWatch to get the source IP address?
amazon-web-services aws-cli amazon-kinesis-firehose amazon-cloudwatch
amazon-web-services aws-cli amazon-kinesis-firehose amazon-cloudwatch
edited Mar 28 at 21:23
rene
35k12 gold badges85 silver badges117 bronze badges
asked Mar 28 at 21:03
Intrastellar ExplorerIntrastellar Explorer
31415 bronze badges
edited Mar 28 at 21:23
rene
35k12 gold badges85 silver badges117 bronze badges
asked Mar 28 at 21:03
Intrastellar ExplorerIntrastellar Explorer
31415 bronze badges
edited Mar 28 at 21:23
rene
35k12 gold badges85 silver badges117 bronze badges
edited Mar 28 at 21:23
rene
35k12 gold badges85 silver badges117 bronze badges
edited Mar 28 at 21:23
rene
35k12 gold badges85 silver badges117 bronze badges
35k12 gold badges85 silver badges117 bronze badges
asked Mar 28 at 21:03
Intrastellar ExplorerIntrastellar Explorer
31415 bronze badges
asked Mar 28 at 21:03
Intrastellar ExplorerIntrastellar Explorer
31415 bronze badges
asked Mar 28 at 21:03
Intrastellar ExplorerIntrastellar Explorer
31415 bronze badges
31415 bronze badges
add a comment
|
add a comment
|
1 Answer
1
active
oldest
votes
You can query it if it's part of the log you are sending to the cloudwatch-logs. So if there is a json field "sourceIPAddress" in the log you can use your filter -
$.sourceIPAddress != 123.123.*
You can check the content of the log in the log-group/log-stream.
answered Mar 29 at 10:54
v_suktv_sukt
8543 silver badges19 bronze badges
1
Ahh that answers my question @v_sukt, I wasn't sure if it was built in behind the scenes. I guess it has to be explicit. Thanks!
– Intrastellar Explorer
Mar 29 at 16:21
add a comment
|
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55406814%2fhow-to-see-ip-address-behind-log-streams-to-cloudwatch%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can query it if it's part of the log you are sending to the cloudwatch-logs. So if there is a json field "sourceIPAddress" in the log you can use your filter -
$.sourceIPAddress != 123.123.*
You can check the content of the log in the log-group/log-stream.
answered Mar 29 at 10:54
v_suktv_sukt
8543 silver badges19 bronze badges
1
Ahh that answers my question @v_sukt, I wasn't sure if it was built in behind the scenes. I guess it has to be explicit. Thanks!
– Intrastellar Explorer
Mar 29 at 16:21
add a comment
|
You can query it if it's part of the log you are sending to the cloudwatch-logs. So if there is a json field "sourceIPAddress" in the log you can use your filter -
$.sourceIPAddress != 123.123.*
You can check the content of the log in the log-group/log-stream.
answered Mar 29 at 10:54
v_suktv_sukt
8543 silver badges19 bronze badges
1
Ahh that answers my question @v_sukt, I wasn't sure if it was built in behind the scenes. I guess it has to be explicit. Thanks!
– Intrastellar Explorer
Mar 29 at 16:21
add a comment
|
You can query it if it's part of the log you are sending to the cloudwatch-logs. So if there is a json field "sourceIPAddress" in the log you can use your filter -
$.sourceIPAddress != 123.123.*
You can check the content of the log in the log-group/log-stream.
answered Mar 29 at 10:54
v_suktv_sukt
8543 silver badges19 bronze badges
You can query it if it's part of the log you are sending to the cloudwatch-logs. So if there is a json field "sourceIPAddress" in the log you can use your filter -
$.sourceIPAddress != 123.123.*
You can check the content of the log in the log-group/log-stream.
answered Mar 29 at 10:54
v_suktv_sukt
8543 silver badges19 bronze badges
answered Mar 29 at 10:54
v_suktv_sukt
8543 silver badges19 bronze badges
answered Mar 29 at 10:54
v_suktv_sukt
8543 silver badges19 bronze badges
answered Mar 29 at 10:54
v_suktv_sukt
8543 silver badges19 bronze badges
8543 silver badges19 bronze badges
1
Ahh that answers my question @v_sukt, I wasn't sure if it was built in behind the scenes. I guess it has to be explicit. Thanks!
– Intrastellar Explorer
Mar 29 at 16:21
add a comment
|
1
Ahh that answers my question @v_sukt, I wasn't sure if it was built in behind the scenes. I guess it has to be explicit. Thanks!
– Intrastellar Explorer
Mar 29 at 16:21
1
1
Ahh that answers my question @v_sukt, I wasn't sure if it was built in behind the scenes. I guess it has to be explicit. Thanks!
– Intrastellar Explorer
Mar 29 at 16:21
Ahh that answers my question @v_sukt, I wasn't sure if it was built in behind the scenes. I guess it has to be explicit. Thanks!
– Intrastellar Explorer
Mar 29 at 16:21
add a comment
|
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55406814%2fhow-to-see-ip-address-behind-log-streams-to-cloudwatch%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
