Before you begin, you’ll need: Metricbeat 7, root access
Choose a policy
Later in this process, you’ll create an IAM group and user. But before you do that, you’ll need to choose or create a policy with the right permissions.
If you already have a policy you want to use, you can skip to step 2.
In the Identity and Access Management page, click Policies in the left menu, then click Create policy.
You’ll see a box titled Select a service.
In the Service option, click Choose a service.
Search for a service you want to send metrics from. For this example, we’ll use EC2.
Under Access level, select List and Read.
In the Resources option, select All resources.
To add more services, click Add additional permissions, and give each service List and Read access.
When you’ve added all the services you want to collect metrics from, click Review policy.
Give a Name that lets you know this is for Logz.io metrics, such as “logzio-metrics-policy”.
Click Create policy.
Attach a group to the policy
If you already have a group you want to use, attach the policy from step 1 to it. You can skip to step 3.
In the Identity and Access Management page, click Groups in the left menu, then click Create New Group.
Give a Group Name that lets you know this is for Logz.io metrics, such as “logzio-metrics-group”.
Click Next Step to continue to the Attach Policy page.
Select the policy you created in step 1 (“logzio-metrics-policy” in this example), and then click Next Step.
Click Create group.
Attach a user to the group
If you already have a user you want to use, attach it to the group from step 2. You can skip to step 4.
In the Identity and Access Management page, click Users in the left menu, then click Add user.
Give a User name that lets you know this is for Logz.io metrics, such as “logzio-metrics-user”.
Select Programmatic access so we can give this user an access key and secret key later on.
Click Next: Permissions to continue.
Under Set permissions, click Add user to group.
Under Add user to group, select the group you created in step 2 (“logzio-metrics-group” in this example).
Click Next: Tags to continue.
Add any optional tags you want. Click Next: Review to continue, and then click Create user.
Copy the Access key ID and Secret access key. You’ll need these for your Metricbeat configuration file later.
Download the Logz.io certificate
For HTTPS shipping, download the Logz.io public certificate to your certificate authority folder.
sudo wget https://raw.githubusercontent.com/logzio/public-certificates/master/COMODORSADomainValidationSecureServerCA.crt -P /etc/pki/tls/certs/
Clean the contents of the default Metricbeat configuration file
The sample code block lays out the default options for collecting metrics from EC2 and CloudWatch.
<<SHIPPING-TOKEN>> with the token of the account you want to ship to.
<<LISTENER-HOST>> with your region’s listener host (for example,
listener.logz.io). For more information on finding your account’s region, see Account region.
metricbeat.modules: - period: 300s # Must be multiples of 60 module: aws metricsets: - ec2 - cloudwatch metrics: - namespace: AWS/Lambda access_key_id: <<YOUR-AWS-ACCESS-KEY>> secret_access_key: <<YOUR-AWS-SECRET-KEY>> - period: 60s # Must be multiples of 60 module: aws metricsets: - cloudwatch metrics: - namespace: AWS/Kinesis - namespace: AWS/Firehose access_key_id: <<YOUR-AWS-ACCESS-KEY>> secret_access_key: <<YOUR-AWS-SECRET-KEY>> fields: logzio_codec: json token: <<SHIPPING-TOKEN>> fields_under_root: true ignore_older: 3hr type: aws_metrics #. Logz.io output output.logstash: hosts: ["<<LISTENER-HOST>>:5015"] ssl.certificate_authorities: ['/etc/pki/tls/certs/COMODORSADomainValidationSecureServerCA.crt']
Start or restart Metricbeat for the changes to take effect.
Check Logz.io for your metrics
Give your metrics a few minutes to get from your system to ours, and then open Logz.io.