You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit elastic.co/guide.

AWS

Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.

Version
2.13.1 (View all)
Compatible Kibana version(s)
8.12.0 or higher
Supported Serverless project types

Security
Observability
Subscription level
Basic
Level of support
Elastic

The AWS integration is used to fetch logs and metrics from Amazon Web Services.

Use the AWS integration to collect metrics and logs across many AWS services managed by your AWS account. Visualize that data in Kibana, create alerts to notify you if something goes wrong, and reference data when troubleshooting an issue.

Extra AWS charges on CloudWatch API requests will be generated by this integration. Please see API Requests for more details.

Data streams

The AWS integration collects two types of data, logs and metrics, across many AWS services.

Logs help you keep a record of events that happen in your AWS account. This may include every user request that CloudFront receives, every action taken on your services by an AWS user or role, and more.

Metrics give you insight into the state of your AWS services. This may include understanding where you're spending the most and why, the volume of storage you're using, CPU utilization of your instances, and more.

For a complete list of all AWS services and the data streams available for each, see Reference.

API requests

Overview

The AWS integration uses different AWS API to bootstrap and collect metrics and logs. The following table illustrates which APIs are used by the AWS integration and how.

AWS API NameAWS API CountFrequencyDatastream
IAM ListAccountAliases
1
Once on startup
all
STS GetCallerIdentity
1
Once on startup
all
EC2 DescribeRegions
1
Once on startup
all
CloudWatch ListMetrics
Total number of results / ListMetrics max page size (500, based on AWS API ListMetrics
Per region per collection period
metrics related only
CloudWatch GetMetricData
Total number of results / GetMetricData max page size (500, based on AWS API GetMetricData
Per region per namespace per collection period
metrics related only
CloudWatch DescribeLogGroups
Total number of results / DescribeLogGroups max page size (50, based on AWS API DescribeLogGroups
Per region per collection period
logs related only
CloudWatch FilterLogEvents
Total number of results / FilterLogEvents max page size (1MB or 10'0000 events, based on AWS API FilterLogEvents
Per log group per region per collection period
logs related only
CostExplorer GetCostAndUsage
Total number of results / GetCostAndUsage max page size (8192, based on AWS API GetCostAndUsage
Per CostExplorer Group Definition per region per collection period
AWS Billing
S3 ListObjectsV2
Total number of results / ListObjectsV2 max page size (up to 1,000, based on AWS API FilterLogEvents
Per bucket per region per collection period
logs related only
S3 GetObject
1
Per object per collection period
logs related only
SecurityHub GetFindings
Total number of results / GetFindings max page size ( 100, based on AWS API GetFindings
Per region per collection period
AWS Security Hub
SecurityHub GetInsights
Total number of results / GetInsights max page size ( 100, based on AWS API GetInsights
Per region per collection period
AWS Security Hub

Each of these APIs may generate extra charges on your AWS Account. Please refer to AWS Princing for more information.

Metrics collection and cost considerations

For each AWS service you enable metrics data collection for, the AWS integration will collect metrics in all the AWS regions where there are available metrics for that service. The collection period is also set to sensible defaults that should fit the majority of use cases.

The extra-charges generated by GetMetricData API calls are proportional to the frequency we collect data and the amount of metrics that are queried for. If you are concerned about the cost derived by enabling any metrics collection, we recommend reviewing the following parameters:

  • Regions. By selecting only the AWS Regions you are interested in, you can make sure that no unnecessary Cloudwatch API call is performed against irrelevant AWS regions.
  • Collection Period and Data Granularity. By setting Collection Period and Data Granularity together, you can control, respectively, how frequently you want your metrics to be collected and how granular they have to be. If you can tolerate an extra delay in retrieving metrics as trade off, you may consider setting data_granularity and increase the value for Collection Period to reduce extra charges. For example, setting Data Granularity to your current value for Period, and doubling the value of Period, may lead to a 50% savings.
  • Tags Filter. By specifying a tag, you can ensure that no Cloudwatch API call is performed for AWS resources you are not interested in.

Cross-account observability

The include_linked_accounts parameter is used to enable the inclusion of metrics from different accounts linked to a main monitoring account. By setting this parameter to true, users can gather metrics from multiple AWS accounts that are linked through the CloudWatch cross-account observability. By default, the include_linked_accounts parameter is set to false, meaning that only metrics from the main monitoring account are collected. When set to true, the parameter allows the CloudWatch ListMetrics API to include metrics from the monitoring account and all linked source accounts in the returned data, providing a comprehensive cross-account view.

Note: Users should ensure that the necessary IAM roles and policies are properly set up in order to link the monitoring account and source accounts together. Please see Link monitoring accounts with source accounts for more details.

Requirements

Before using the AWS integration you will need:

  • AWS Credentials to connect with your AWS account.
  • AWS Permissions to make sure the user you're using to connect has permission to share the relevant data.

AWS Credentials

AWS credentials are required for running AWS integrations. There are a few ways to provide AWS credentials:

  • Use access keys directly
  • Use temporary security credentials
  • Use a shared credentials file
  • Use an IAM role Amazon Resource Name (ARN)

Use access keys directly

Access keys are long-term credentials for an IAM user or the AWS account root user. To use access keys as credentials, you need to provide:

  • access_key_id: The first part of the access key.
  • secret_access_key: The second part of the access key.

For more details see AWS Access Keys and Secret Access Keys.

Use temporary security credentials

Temporary security credentials can be configured in AWS to last for some period of time. They consist of an access key ID, a secret access key, and a security token, which is typically returned using GetSessionToken. IAM users with multi-factor authentication (MFA) enabled need to submit an MFA code while calling GetSessionToken. For more details see Temporary Security Credentials.

You can use AWS CLI to generate temporary credentials. For example, you would use sts get-session-token if you have MFA enabled:

aws> sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456

Then, use the response to provide the following options to the AWS integration:

  • access_key_id: The first part of the access key.
  • secret_access_key: The second part of the access key.
  • session_token: A token required when using temporary security credentials.

Because temporary security credentials are short term, after they expire, you will need to generate new ones and manually update the package configuration to continue collecting AWS metrics. This will cause data loss if the configuration is not updated with the new credentials before the old ones expire.

Use a shared credentials file

If you use different credentials for different tools or applications, you can use profiles to configure multiple access keys in the same configuration file. For more details see Create Shared Credentials File

Instead of providing the access_key_id and secret_access_key directly to the integration, you will provide two advanced options to look up the access keys in the shared credentials file:

  • credential_profile_name: The profile name in shared credentials file.
  • shared_credential_file: The directory of the shared credentials file.

Note: If you don't provide values for all keys, the integration will use defaults:

  • If access_key_id, secret_access_key and role_arn are all not provided, then the package will check for credential_profile_name.
  • If there is no credential_profile_name given, the default profile will be used.
  • If shared_credential_file is empty, the default directory will be used.
    • In Windows, shared credentials file is located at C:\Users\<yourUserName>\.aws\credentials.
    • For Linux, macOS, or Unix, the file is located at ~/.aws/credentials.

Use an IAM role Amazon Resource Name (ARN)

An IAM role ARN is an IAM identity that you can create in your AWS account. You determine what the role has permission to do. A role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role it provides you with temporary security credentials for your role session. IAM role ARN can be used to specify which AWS IAM role to assume to generate temporary credentials. For more details see AssumeRole API documentation.

To use an IAM role ARN, you need to provide either a credential profile or access keys along with the role_arn advanced option. role_arn is used to specify which AWS IAM role to assume for generating temporary credentials.

Note: If role_arn is given, the package will check if access keys are given. If they are not given, the package will check for a credential profile name. If neither is given, the default credential profile will be used.

AWS Permissions

Specific AWS permissions are required for the IAM user to make specific AWS API calls. To enable the AWS integration to collect metrics and logs from all supported services, make sure these permissions are given:

  • ce:GetCostAndUsage
  • cloudwatch:GetMetricData
  • cloudwatch:ListMetrics
  • ec2:DescribeInstances
  • ec2:DescribeRegions
  • iam:ListAccountAliases
  • logs:DescribeLogGroups
  • logs:FilterLogEvents
  • organizations:ListAccounts
  • rds:DescribeDBInstances
  • rds:ListTagsForResource
  • s3:GetObject
  • sns:ListTopics
  • sqs:ChangeMessageVisibility
  • sqs:DeleteMessage
  • sqs:ListQueues
  • sqs:ReceiveMessage
  • sts:AssumeRole
  • sts:GetCallerIdentity
  • tag:GetResources

Setup

Use the AWS integration to connect to your AWS account and collect data from multiple AWS services. When you configure the integration, you can collect data from as many AWS services as you'd like.

If you only need to collect data from one AWS service, consider using the individual integration (for example, to only collect monitoring metrics for EC2, you can configure only the AWS EC2 integration).

For step-by-step instructions on how to set up an integration, see the Getting started guide.

Debug

Latency causes missing metrics

Some AWS services send monitoring metrics to CloudWatch with a latency to process larger than the integration collection period. This will cause data points missing or none get collected by the agent. In this case, please specify a latency parameter so collection start time and end time will be shifted by the given latency amount.

In order to check how much the latency is, you can log into the AWS CloudWatch portal. Wait till a new point to show up in AWS CloudWatch and record the current timestamp. Compare the timestamp of this latest data point with the current timestamp to see what's the difference. This difference can be used as latency.

For example, the screenshot below is taken at 2023-05-09 22:30 UTC and the timestamp for the last data point is 2023-05-09 22:15 UTC. This means there is a 15min delay between the current time and CloudWatch. With this information, we should add a latency configuration for 15m when adding the integration.

Reference

Below is an overview of the type of data you can collect from each AWS service. Visit the page for each individual AWS integration to see details about exported fields.

ServiceMetricsLogs
API Gateway
x
Billing
x
CloudFront
x
CloudTrail
x
CloudWatch
x
x
DynamoDB
x
EBS
x
EC2
x
x
ECS
x
ELB
x
x
Fargate
x
Kinesis
x
Network Firewall
x
x
Lambda
x
NAT Gateway
x
Redshift
x
RDS
x
Route 53
x
S3
x
x
S3 Storage Lens
x
SNS
x
SQS
x
Transit Gateway
x
Usage
x
VPC Flow
x
VPN
x
WAF
x
Custom
x

Changelog

VersionDetailsKibana version(s)

2.13.1

Enhancement View pull request
Update latency parameter description

8.12.0 or higher

2.13.0

Enhancement View pull request
Add Amazon MSK integration

8.12.0 or higher

2.12.2

Bug fix View pull request
Fix an issue were the "_id" field was being used to aggregate data in Severity Over Time dashboard.

8.12.0 or higher

2.12.1

Enhancement View pull request
Add cloudsecurity_cdr sub category label.

8.12.0 or higher

2.12.0

Enhancement View pull request
Enable 'secret' for the sensitive fields.

8.12.0 or higher

2.11.3

Bug fix View pull request
Fix query range calculation for GuardDuty datastream.

8.10.2 or higher

2.11.2

Bug fix View pull request
Remove hardcoded event.dataset field and use ecs instead.

8.10.2 or higher

2.11.1

Enhancement View pull request
Improve wording on milliseconds.

8.10.2 or higher

2.11.0

Enhancement View pull request
Convert Total Estimated Charges panel to new metric visualization.

8.10.2 or higher

2.10.2

Bug fix View pull request
Fix dimensions fingerprint field

8.10.2 or higher

2.10.1

Bug fix View pull request
Fix exclude_files pattern.

8.10.2 or higher

2.10.0

Enhancement View pull request
Convert "AWS Redshift metrics overview" visualizations to new metric.

8.10.2 or higher

2.9.1

Bug fix View pull request
Change SQS metrics statistic method, which includes changing ApproximateAgeOfOldestMessage from average to max, changing NumberOfMessagesDeleted, NumberOfEmptyReceives, NumberOfMessagesReceived and NumberOfMessagesSent from average to sum.

8.9.0 or higher

2.9.0

Enhancement View pull request
Limit request tracer log count to five.

8.9.0 or higher

2.8.6

Bug fix View pull request
Add missing fields from beats input

8.9.0 or higher

2.8.5

Enhancement View pull request
Update donut charts with pie for better representation

8.9.0 or higher

2.8.4

Bug fix View pull request
Remove unused aws..metrics..* and aws.s3.bucket.name

8.9.0 or higher

2.8.3

Bug fix View pull request
Include documentation and mappings for subfields of dns.answers

Bug fix View pull request
Fix mapping for tags and dynamic metric fields

8.9.0 or higher

2.8.2

Bug fix View pull request
Add null checks and ignore_missing checks to the rename processor

8.9.0 or higher

2.8.1

Bug fix View pull request
Fix incorrect billing metrics displayed under AWS Billing overview dashboard.

8.9.0 or higher

2.8.0

Enhancement View pull request
Allow configuration of TLD for guardduty, inspector, and security hub datastreams.

8.9.0 or higher

2.7.0

Enhancement View pull request
Add tags.yml file so that integration's dashboards and saved searches are tagged with "Security Solution" and displayed in the Security Solution UI.

Enhancement View pull request
Upgrade package spec to 3.0.0.

Bug fix View pull request
Fix duplicated and invalid field definitions.

Bug fix View pull request
Add missing dashboard filters.

8.9.0 or higher

2.6.1

Bug fix View pull request
Fix AWS API Gateway logs dashboard lens

8.9.0 or higher

2.6.0

Enhancement View pull request
ECS version updated to 8.10.0.

8.9.0 or higher

2.5.0

Enhancement View pull request
Update Cloudtrail datastream to support tlsDetails field

8.9.0 or higher

2.4.1

Bug fix View pull request
Fix Security Hub Findings to abide by ECS allowed values.

8.9.0 or higher

2.4.0

Bug fix View pull request
Add AWS API Gateway metrics dashboards for each API type and additional filters which ensure data consistency

8.9.0 or higher

2.3.0

Enhancement View pull request
Change include_linked_accounts default to true

8.9.0 or higher

2.2.1

Bug fix View pull request
Fix GuardDuty API call parameter.

8.9.0 or higher

2.2.0

Enhancement View pull request
Add AWS API Gateway metrics dashboard Stage filter, control groups and clean up

8.9.0 or higher

2.1.2

Bug fix View pull request
Fix AWS API Gateway metrics dashboard

8.9.0 or higher

2.1.1

Enhancement View pull request
Improve AWS API Gateway dashboard

8.9.0 or higher

2.1.0

Enhancement View pull request
Enable TSDB by default for EC2 metrics data stream. This improves storage usage and query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html.

8.9.0 or higher

2.0.0

Enhancement View pull request
Remove deprecated option for "Cloudwatch via S3"from the AWS CloudWatch integration. If you are using it take note that logs WON'T BE ingested via this route anymore once you update.

8.9.0 or higher

1.53.5

Enhancement View pull request
Set metric type in EC2 data stream fields.

8.9.0 or higher

1.53.4

Enhancement View pull request
Add dimension fields to EC2 data stream.

8.9.0 or higher

1.53.3

Enhancement View pull request
Add missing fields definition for ec2

8.9.0 or higher

1.53.2

Bug fix View pull request
Remove the remove processor since rename processor removes old field already.

8.9.0 or higher

1.53.1

Enhancement View pull request
Disable TSDB on AWS Billing.

8.9.0 or higher

1.53.0

Enhancement View pull request
Add AWS API Gateway custom acccess logging fields.

8.9.0 or higher

1.52.1

Enhancement View pull request
Use default color for AWS dashboards metric charts.

8.9.0 or higher

1.52.0

Enhancement View pull request
Enable TSDB by default for cloudwatch metrics data stream. This improves storage usage and query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html.

8.9.0 or higher

1.51.3

Bug fix View pull request
Remove hardcoded event.dataset field and use ecs instead.

8.8.1 or higher

1.51.2

Enhancement View pull request
Disable TSDB on AWS Billing.

8.8.1 or higher

1.51.1

Enhancement View pull request
Use object metric type for the cloudwatch metrics

8.8.1 or higher

1.51.0

Enhancement View pull request
Add standalone S3 option for vpcflow

8.8.1 or higher

1.50.6

Enhancement View pull request
Add metric_type metadata to the cloudwatch data_stream

8.8.1 or higher

1.50.5

Enhancement View pull request
Migrate AWS Security Hub dashboards to lens.

8.8.1 or higher

1.50.4

Enhancement View pull request
Migrate AWS VPC dashboard visualizations to lens.

8.8.1 or higher

1.50.3

Enhancement View pull request
Add EMR logs dashboard.

8.8.1 or higher

1.50.2

Enhancement View pull request
Migrate AWS Billing dashboard visualizations to lens.

8.8.1 or higher

1.50.1

Enhancement View pull request
Add AWS API Gateway logs dashboard.

8.8.1 or higher

1.50.0

Enhancement View pull request
Add EMR logs data stream.

8.8.1 or higher

1.49.0

Enhancement View pull request
Add API Gateway logs datastream

8.8.1 or higher

1.48.0

Enhancement View pull request
Adding missing fields for the CloudTrail datastream - add option for standalone S3 bucket

8.8.1 or higher

1.47.1

Enhancement View pull request
Migrate AWS Redshift dashboard input controls.

8.8.1 or higher

1.47.0

Enhancement View pull request
Migrate AWS S3 Server Access Log Overview dashboard visualizations to lens.

8.8.1 or higher

1.46.9

Enhancement View pull request
Migrate AWS Network Firewall dashboard input controls.

8.8.1 or higher

1.46.8

Enhancement View pull request
Add dimensions metadata to the cloudwatch data_stream

8.8.1 or higher

1.46.7

Enhancement View pull request
Enable time series data streams for the API Gateway and EMR data streams. This improves storage usage and query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html.

8.8.1 or higher

1.46.6

Enhancement View pull request
Update metric type and set dimension fields for AWS EMR data stream.

8.8.1 or higher

1.46.5

Enhancement View pull request
Fix metric type for API Gateway metric fields.

8.8.1 or higher

1.46.4

Enhancement View pull request
Set dimensions fields for API Gateway data stream.

—

1.46.3

Enhancement View pull request
Add missing S3 fields for vpcflow

8.8.1 or higher

1.46.2

Enhancement View pull request
Enable time series data streams for the S3 daily storage and S3 request datasets. This improves storage usage and query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html.

8.8.1 or higher

1.46.1

Enhancement View pull request
Enable time series data streams for the Usage dataset. This improves storage usage and query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html.

8.8.1 or higher

1.46.0

Enhancement View pull request
Enable time series data streams for the metrics datasets Billing, DynamoDB, EBS, ECS, ELB, Firewall, Kinesis, Lambda, NAT gateway, RDS, Redshift, S3 Storage Lens, SNS, SQS, Transit Gateway and VPN. This improves storage usage and query performance. For more details, see https://www.elastic.co/guide/en/elasticsearch/reference/current/tsds.html.

8.8.1 or higher

1.45.9

Enhancement View pull request
Add new fingerprint dimension to AWS Billing.

8.8.1 or higher

1.45.8

Enhancement View pull request
Add metric_type metadata to s3_daily_storage and s3_request data streams.

8.8.1 or higher

1.45.7

Enhancement View pull request
Add dimension fields metadata to s3_request and s3_data_storage data streams to support TSDB

8.8.1 or higher

1.45.6

Enhancement View pull request
Add metric type to S3 Storage Lens.

8.8.1 or higher

1.45.4

Enhancement View pull request
Set dimension fields for S3 Storage Lens.

8.8.1 or higher

1.45.3

Bug fix View pull request
Remove aws.dimensions.* from package-fields.yml

8.8.1 or higher

1.45.2

Enhancement View pull request
Add AWS EMR metrics dashboard.

8.8.1 or higher

1.45.1

Enhancement View pull request
Add AWS API Gateway dashboard.

8.8.1 or higher

1.45.0

Enhancement View pull request
Add AWS EMR metrics data stream.

8.8.1 or higher

1.44.4

Enhancement View pull request
Migrate AWS Metric Overview dashboard visualizations to lens.

8.8.1 or higher

1.44.3

Enhancement View pull request
Migrate AWS ELB Access Log dashboard visualizations to lens.

8.8.1 or higher

1.44.2

Bug fix View pull request
Fix image link in readme

8.8.1 or higher

1.44.1

Enhancement View pull request
Migrate AWS TransitGateway metrics dashboard to lenses.

8.8.1 or higher

1.44.0

Enhancement View pull request
Add permissions to reroute events to logs-- for cloudwatch_logs and ec2_logs datastream.

8.8.1 or higher

1.43.2

Enhancement View pull request
Add documentation for latency parameter

8.8.1 or higher

1.43.1

Enhancement View pull request
Add tags_filter and include_linked_accounts config parameter in missing metric data streams.

8.8.1 or higher

1.43.0

Enhancement View pull request
Add include_linked_accounts config parameter for metrics data streams.

8.8.1 or higher

1.42.0

Enhancement View pull request
Add field agent.id to be set as dimension for TSDB migration.

8.7.1 or higher

1.41.0

Enhancement View pull request
Migrate AWS NATGateway metrics dashboard visualizations to lenses.

8.7.1 or higher

1.40.9

Enhancement View pull request
Migrate AWS ELB metrics dashboard visualizations to lenses.

8.7.1 or higher

1.40.8

Enhancement View pull request
Migrate EC2 metrics dashboard visualizations to lenses.

8.7.1 or higher

1.40.7

Enhancement View pull request
Add AWS Firewall metrics dashboard input control groups.

8.7.1 or higher

1.40.6

Enhancement View pull request
Migrate AWS S3 Storage Lens dashboard visualizations to lens.

8.7.1 or higher

1.40.5

Enhancement View pull request
Migrate Usage Overview dashboard to lenses.

8.7.1 or higher

1.40.4

Enhancement View pull request
Migrate AWS CloudTrail dashboard visualizations to lenses.

8.7.1 or higher

1.40.3

Enhancement View pull request
Add fields metric type to usage, dynamoDB and ELB data streams.

8.7.1 or higher

1.40.2

Enhancement View pull request
Replace aws.rds.db_instance.identifier with aws.dimensions.DBInstanceIdentifier in RDS dashboard.

8.7.1 or higher

1.40.1

Enhancement View pull request
Add link to main AWS requirements in all integrations page.

8.7.1 or higher

1.40.0

Enhancement View pull request
Add metric type to SNS, SQS and Billing data streams.

8.7.1 or higher

1.39.0

Enhancement View pull request
Add AWS API Gateway data stream.

8.7.1 or higher

1.38.4

Enhancement View pull request
Add dimension fields to billing, sns and sqs data streams.

8.7.1 or higher

1.38.3

Enhancement View pull request
Add dimension fields to firewall, transit gateway and vpn data streams.

8.7.1 or higher

1.38.2

Enhancement View pull request
Add metric type to vpn, firewall and transit gateway data streams.

8.7.1 or higher

1.38.1

Enhancement View pull request
Add metric type to RDS data stream.

8.7.1 or higher

1.38.0

Enhancement View pull request
Add dimensions to RDS data stream.

8.7.1 or higher

1.37.3

Bug fix View pull request
Fix incorrect fields on multiple visualizations.

8.7.1 or higher

1.37.2

Enhancement View pull request
Migrate AWS RDS metrics dashboard to lenses.

8.7.1 or higher

1.37.1

Enhancement View pull request
Migrate AWS SNS dashboard visualizations to lenses.

8.7.1 or higher

1.37.0

Enhancement View pull request
Migrate AWS SQS metrics dashboard visualizations to lenses.

8.7.1 or higher

1.36.9

Enhancement View pull request
Migrate AWS VPN metrics dashboard to lenses.

8.7.1 or higher

1.36.8

Enhancement View pull request
Add dimension fields to usage, dynamoDB and ELB data streams.

8.7.1 or higher

1.36.7

Enhancement View pull request
Add dimension fields to Lambda data stream for TSDB support.

8.7.1 or higher

1.36.6

Enhancement View pull request
Add metric type to natgateway data stream fields.

8.7.1 or higher

1.36.5

Enhancement View pull request
Add metric type to EBS fields.

8.7.1 or higher

1.36.4

Enhancement View pull request
Add support for TSDB on kinesis data stream (metric type).

8.7.1 or higher

1.36.3

Enhancement View pull request
Add dimensions to Redshift data stream.

8.7.1 or higher

1.36.2

Enhancement View pull request
Add metric type mapping to Redshift data stream.

8.7.1 or higher

1.36.1

Enhancement View pull request
Add dimension fields to natgateway data stream.

8.7.1 or higher

1.36.0

Enhancement View pull request
Add metric type to Lambda fields.

8.7.1 or higher

1.35.1

Bug fix View pull request
Fix typo in field name causing erroneous timestamp detection on the s3access data stream.

8.7.1 or higher

1.35.0

Enhancement View pull request
Add a new flag to enable request tracing on httpjson based input

8.7.1 or higher

1.34.5

Enhancement View pull request
Migrate AWS Lambda metrics dashboard visualizations to lenses.

8.6.0 or higher

1.34.4

Enhancement View pull request
Migrate AWS DynamoDB metrics dashboard visualizations to lenses.

8.6.0 or higher

1.34.3

Enhancement View pull request
Add field metric type to ECS data stream.

8.6.0 or higher

1.34.2

Enhancement View pull request
Add dimension fields to Kinesis datastream.

8.6.0 or higher

1.34.1

Enhancement View pull request
Add dimension fields to ECS datastream for TSDB support.

8.6.0 or higher

1.34.0

Enhancement View pull request
Add dimensions to EBS data stream.

8.6.0 or higher

1.33.3

Enhancement View pull request
Add number_of_workers and latency to all CloudWatch Logs based integrations.

8.6.0 or higher

1.33.2

Bug fix View pull request
Add missing permissions in the AWS Billing integration documentation.

8.6.0 or higher

1.33.1

Bug fix View pull request
Add missing permissions in the AWS CloudWatch Logs integration documentation.

8.6.0 or higher

1.33.0

Enhancement View pull request
Add latency configuration option on the CloudWatch Logs integration.

8.6.0 or higher

1.32.2

Bug fix View pull request
Fix a minor documentation format issue.

8.6.0 or higher

1.32.1

Enhancement View pull request
Added categories and/or subcategories.

8.6.0 or higher

1.32.0

Enhancement View pull request
Migrate AWS EBS dashboard visualizations to lenses.

8.6.0 or higher

1.31.0

Enhancement View pull request
Add a data stream for Amazon GuardDuty.

8.6.0 or higher

1.30.0

Enhancement View pull request
Add dashboards data streams filters.

8.6.0 or higher

1.29.1

Bug fix View pull request
Drop comments from CloudFront loglines

8.6.0 or higher

1.29.0

Enhancement View pull request
Add data_granularity parameter and rename period title to Collection Period.

8.6.0 or higher

1.28.3

Bug fix View pull request
Remove quotes from VPC flow log message field and move dot_expander processor to top

8.4.0 or higher

1.28.2

Bug fix View pull request
Add dot_expander processor to expand all fields with dot into object fields

Bug fix View pull request
Support VPC flow log with message field

8.4.0 or higher

1.28.1

Enhancement View pull request
Adjust kinesis integration to kinesis data stream

8.4.0 or higher

1.28.0

Enhancement View pull request
Enhance S3 integration dashboard

8.4.0 or higher

1.27.3

Bug fix View pull request
Support multiple forwarded IPs in cloudfront integration

8.4.0 or higher

1.27.2

Enhancement View pull request
Update the pagination termination condition.

8.4.0 or higher

1.27.1

Enhancement View pull request
Added a Summary Dashboard for AWS Security Hub.

8.4.0 or higher

1.27.0

Enhancement View pull request
Add Inspector data stream.

8.4.0 or higher

1.25.3

Bug fix View pull request
Remove duplicate fields from agent.yml and use ecs.yml for ECS fields

8.3.0 or higher

1.25.2

Bug fix View pull request
Update ec2 fields.yml doc

8.3.0 or higher

1.25.1

Bug fix View pull request
Remove duplicate 'content_type' config that causes errors while configurating the integration.

8.3.0 or higher

1.25.0

Enhancement View pull request
Force content type where json content is expected

8.3.0 or higher

1.24.6

Bug fix View pull request
Enhance Kinesis integration dashboard

8.3.0 or higher

1.24.5

Bug fix View pull request
Allow adding multiple processors in cloudfront logs.

8.3.0 or higher

1.24.4

Bug fix View pull request
Do not rely on dynamodb lightweight module metricset.

8.3.0 or higher

1.24.3

Bug fix View pull request
Fix adding processors in cloudfront logs.

8.3.0 or higher

1.24.2

Bug fix View pull request
Fix billing datastream agent template.

8.3.0 or higher

1.24.1

Bug fix View pull request
Fix aws.cloudtrail.request_id parsing

8.3.0 or higher

1.24.0

Bug fix View pull request
Expose Default Region setting to UI

8.3.0 or higher

1.23.4

Bug fix View pull request
Set default endpoint to empty string

8.3.0 or higher

1.23.3

Bug fix View pull request
Fix Billing Dashboard

8.3.0 or higher

1.23.2

Bug fix View pull request
Fix EC2 dashboard

8.3.0 or higher

1.23.1

Enhancement View pull request
Update all AWS documentation.

8.1.0 or higher

1.23.0

Bug fix View pull request
Fix file.path field in cloudtrail data stream to use json.digestS3Object

8.1.0 or higher

1.22.0

Enhancement View pull request
Update cloud.region parsing

8.1.0 or higher

1.21.0

Enhancement View pull request
Add Security Hub Findings and Insights data streams

8.1.0 or higher

1.20.0

Enhancement View pull request
Improve dashboards by removing individual visualizations from library

8.1.0 or higher

1.19.5

Enhancement View pull request
Move ebs metrics config from beats to integrations

7.15.0 or higher
8.0.0 or higher

1.19.4

Bug fix View pull request
Fix proxy URL documentation rendering.

7.15.0 or higher
8.0.0 or higher

1.19.3

Bug fix View pull request
Update sample_event.json in kinesis data stream

7.15.0 or higher
8.0.0 or higher

1.19.2

Enhancement View pull request
Move NATGateway metrics config from beats to integrations

7.15.0 or higher
8.0.0 or higher

1.19.1

Enhancement View pull request
Move Transit Gateway metrics config from beats to integrations

7.15.0 or higher
8.0.0 or higher

1.19.0

Enhancement View pull request
Add Kinesis metrics datastream

7.15.0 or higher
8.0.0 or higher

1.18.2

Enhancement View pull request
Move s3_request metrics config from beats to integrations

Enhancement View pull request
Move s3_daily_storage metrics config from beats to integrations

Enhancement View pull request
Move SQS metrics config from beats to integrations

Enhancement View pull request
Move SNS metrics config from beats to integrations

Enhancement View pull request
Move lambda metrics config from beats to integrations

7.15.0 or higher
8.0.0 or higher

1.18.1

Enhancement View pull request
Release AWS billing integration as GA

7.15.0 or higher
8.0.0 or higher

1.18.0

Enhancement View pull request
Add ECS metricset

Bug fix View pull request
Fix incorrect fields on multiple visualizations

7.15.0 or higher
8.0.0 or higher

1.17.5

Enhancement View pull request
Release Amazon Redshift integration as GA

7.15.0 or higher
8.0.0 or higher

1.17.4

Bug fix View pull request
Fix data_stream.dataset indentation on cloudwatch_logs integration

7.15.0 or higher
8.0.0 or higher

1.17.3

Bug fix View pull request
Add missing endpoint config to metrics datasets.

Enhancement View pull request
Move usage metrics config from beats to integrations

Enhancement View pull request
Move dynamodb metrics config from beats to integrations

7.15.0 or higher
8.0.0 or higher

1.17.2

Bug fix View pull request
Improve support for event.original field from upstream forwarders.

7.15.0 or higher
8.0.0 or higher

1.17.1

Bug fix View pull request
Fix misspelling of Log Stream Prefix variable in manifest for aws-cloudwatch input

7.15.0 or higher
8.0.0 or higher

1.17.0

Enhancement View pull request
Added Redshift integration

7.15.0 or higher
8.0.0 or higher

1.16.6

Enhancement View pull request
Update documentation with additional context for new users.

7.15.0 or higher
8.0.0 or higher

1.16.5

Enhancement View pull request
Move ELB metrics config from beats to integrations

—

1.16.4

Bug fix View pull request
Fix ELB dataset to parse URLs with spaces

Enhancement View pull request
Upgrade ECS to 8.2.0

7.15.0 or higher
8.0.0 or higher

1.16.3

Enhancement View pull request
Move RDS metrics config from beats to integrations

—

1.16.2

Enhancement View pull request
Move EC2 metrics config from beats to integrations

—

1.16.1

Bug fix View pull request
Fix invalid values for ECS fields in vpcflow

—

1.16.0

Enhancement View pull request
Move VPN configuration file into integrations and add tag collection

7.15.0 or higher
8.0.0 or higher

1.15.0

Enhancement View pull request
Deprecate s3 input in cloudwatch integration

Enhancement View pull request
Improve description for cloudwatch integration

—

1.14.8

Bug fix View pull request
Fix http.response.status_code to accept 000

7.15.0 or higher
8.0.0 or higher

1.14.7

Bug fix View pull request
Fix aws.dimensions.* for rds data stream

Bug fix View pull request
Fix aws.dimensions.* for sns data stream

Bug fix View pull request
Add aws.dimensions.* for dynamodb data stream

7.15.0 or higher
8.0.0 or higher

1.14.6

Enhancement View pull request
Improve s3 integration tile title and description

—

1.14.5

Bug fix View pull request
Fix duplicate titles for integrations

7.15.0 or higher
8.0.0 or higher

1.14.4

Bug fix View pull request
Fix cloudfront integration grok pattern

—

1.14.3

Enhancement View pull request
Add new pattern to VPC Flow logs including all 29 v5 fields

—

1.14.2

Bug fix View pull request
Fix billing dashboard.

—

1.14.1

Enhancement View pull request
Add documentation for multi-fields

—

1.14.0

Enhancement View pull request
Add configuration for max_number_of_messages to the aws.firewall_logs S3 input.

7.15.0 or higher
8.0.0 or higher

1.13.1

Bug fix View pull request
Fix metricbeat- reference in dashboard

7.15.0 or higher
8.0.0 or higher

1.13.0

Enhancement View pull request
Compress dashboard screenshots.

7.15.0 or higher
8.0.0 or higher

1.12.1

Bug fix View pull request
Fix field mapping conflicts in the elb_logs data stream relating to ECS fields (trace.id, source.port, and a few others).

7.15.0 or higher
8.0.0 or higher

1.12.0

Enhancement View pull request
Add CloudFront Logs Datastream

—

1.11.4

Bug fix View pull request
Add Ingest Pipeline script to map IANA Protocol Numbers

—

1.11.3

Bug fix View pull request
Changing missing ecs versions to 8.0.0

—

1.11.2

Bug fix View pull request
Add data_stream.dataset option for custom aws-cloudwatch log input

—

1.11.1

Bug fix View pull request
Update permission list

—

1.11.0

Enhancement View pull request
Update to ECS 8.0

7.15.0 or higher
8.0.0 or higher

1.10.2

Enhancement View pull request
Change cloudwatch metrics and logs default to false

7.15.0 or higher
8.0.0 or higher

1.10.1

Enhancement View pull request
Add description of supported vpcflow formats

—

1.10.0

Enhancement View pull request
Add cloudwatch input into AWS package for log collection

—

1.9.0

Enhancement View pull request
Add Route 53 Resolver Logs Datastream

7.15.0 or higher
8.0.0 or higher

1.8.0

Enhancement View pull request
Add Route 53 Public Zone Logs Datastream

—

1.7.1

Bug fix View pull request
Regenerate test files using the new GeoIP database

—

1.7.0

Enhancement View pull request
Add integration for AWS Network Firewall

—

1.6.2

Bug fix View pull request
Change test public IPs to the supported subset

—

1.6.1

Enhancement View pull request
Fix the value of event.created in CloudTrail data stream.

7.15.0 or higher
8.0.0 or higher

1.6.0

Enhancement View pull request
Add max_number_of_messages config option to AWS S3 input config.

—

1.5.1

Enhancement View pull request
Add missing sample events

7.15.0 or higher
8.0.0 or higher

1.5.0

Enhancement View pull request
Support Kibana 8.0

7.15.0 or higher
8.0.0 or higher

1.4.1

Enhancement View pull request
Add Overview dashboard for AWS S3 Storage Lens

7.15.0 or higher

1.4.0

Enhancement View pull request
Add integration for AWS S3 Storage Lens

—

1.3.2

Enhancement View pull request
Uniform with guidelines

—

1.3.1

Enhancement View pull request
Add config parameter descriptions

—

1.3.0

Enhancement View pull request
Add WAF datastream

—

1.2.2

Bug fix View pull request
Prevent pipeline script error

—

1.2.1

Bug fix View pull request
Fix logic that checks for the 'forwarded' tag

—

1.2.0

Enhancement View pull request
Update to ECS 1.12.0

—

1.1.0

Enhancement View pull request
vpcflow sync with filebeat fileset

7.14.0 or higher

1.0.0

Enhancement View pull request
Release AWS as GA

7.14.0 or higher

0.10.7

Enhancement View pull request
Add proxy config

—

0.10.6

Bug fix View pull request
Fix aws.billing.EstimatedCharges field name

—

0.10.5

Bug fix View pull request
Add event.created field

—

0.10.4

Enhancement View pull request
Improve RDS dashboard

—

0.10.3

Enhancement View pull request
Convert to generated ECS fields

—

0.10.2

Enhancement View pull request
update to ECS 1.11.0

—

0.10.1

Enhancement View pull request
Escape special characters in docs

—

0.10.0

Enhancement View pull request
Update integration description

—

0.9.3

Bug fix View pull request
Fix categories for each policy template

—

0.9.2

Enhancement View pull request
Add linked account information into billing metricset

—

0.9.1

Bug fix View pull request
Fix aws.s3access pipeline when remote IP is a -

—

0.9.0

Enhancement View pull request
Change default credential options to access keys

—

0.8.0

Enhancement View pull request
Set "event.module" and "event.dataset"

—

0.7.0

Enhancement View pull request
Introduce granularity using input_groups

—

0.6.4

Enhancement View pull request
Add support for Splunk authorization tokens

—

0.6.3

Bug fix View pull request
Fix bug in Third Party ingest pipeline

—

0.6.2

Bug fix View pull request
Removed incorrect http.request.referrer field from elb logs

—

0.6.1

Enhancement View pull request
Add support for CloudTrail Digest & Insight logs

—

0.6.0

Enhancement View pull request
Update ECS version, add event.original and preparing for package GA

—

0.5.6

Bug fix View pull request
Fix stack compatability

—

0.5.5

Enhancement View pull request
Allow role_arn work with access keys for AWS

—

0.5.4

Enhancement View pull request
Rename s3 input to aws-s3.

—

0.5.3

Enhancement View pull request
Add missing "geo" fields

—

0.5.2

Enhancement View pull request
update to ECS 1.9.0

—

0.5.1

Bug fix View pull request
Ignore missing "json" field in ingest pipeline

—

0.5.0

Enhancement View pull request
Moving edge processors to ingest pipeline

—

0.4.2

Enhancement View pull request
Updating package owner

—

0.4.1

Bug fix View pull request
Correct sample event file.

—

0.4.0

Enhancement View pull request
Add changes to use ECS 1.8 fields.

—

0.0.3

Enhancement View pull request
initial release

—

On this page