You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've noticed that we do not receive all of the AWS Cloudtrail events created in our ElasticSearch cluster. For example i might intentionally trigger 10 Console login failures, but end up receiving only 3-4 in our Elasticsearch. I confirmed and all of the events are in the s3 bucket. What is the best way to troubleshoot?
The behavior you indicate is very strange and might be exposing a bug. To further troubleshoot, we can first identify if the logs are arriving at the manager. For that, we can enable logall and check archives file to see if all events are there. Remember to restart the manager after changing the configuration.
Hi, I'm having the same issue related to Cloudtrail integration. Seem that we're receiving events logs only from specific services (eg: no logs from secretsmanager and other services at all). There are updates on this issue?
Hello,
I've noticed that we do not receive all of the AWS Cloudtrail events created in our ElasticSearch cluster. For example i might intentionally trigger 10 Console login failures, but end up receiving only 3-4 in our Elasticsearch. I confirmed and all of the events are in the s3 bucket. What is the best way to troubleshoot?
all of the s3 plugins run in the master node.
Best,
Tony
The text was updated successfully, but these errors were encountered: