I am wondering how I can know what host an event in httpd's access/error logs corresponds to once that data is brought into CloudWatch. I use virtual hosts on Apache. I currently have a file per vhost, like so:
/var/log/httpd/access/site1.log
/var/log/httpd/access/site2.log
I am using CloudWatch Agent configuration like this:
[[inputs.logfile.file_config]]
file_path = "/var/log/httpd/access/*.log"
from_beginning = true
log_group_name = "apache-access"
log_stream_name = "i-012345..."
pipe = false
Other than creating a configuration block for every single file, are there options to add a dimension to the logs I create in CloudWatch that denotes the virtual host?
Is the filename a variable that can be used in the conf, perhaps?
log_group_name = "apache-access/{logfile}"
or something like that?
I suppose an alternative is writing all vhosts to the same log files and then using an Environment Variable in my log format - but I think that would only work with access logs and not error logs.
What is my best strategy here?
I am migrating this from an ELK stack where the filename was being leveraged in the event data.
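One way to keep per-vhost attribution without hand-writing a block per file is to generate the blocks from the filenames. This is an added example, not part of the original post: it emits the agent's JSON `collect_list` entries with the vhost taken from the file stem, in the spirit of the `apache-access/{logfile}` idea above. The function names, the `apache-error` group and the error-log directory are assumptions; `{instance_id}` is the agent's own placeholder.

```python
import json
import re
import tempfile
from pathlib import Path

# Characters CloudWatch accepts in a log group name; anything else becomes "_".
_UNSAFE = re.compile(r"[^A-Za-z0-9_./#-]")


def vhost_from_path(path):
    """Derive the vhost label from a log file name: site1.log -> site1."""
    return _UNSAFE.sub("_", Path(path).stem)


def build_collect_list(log_dir, group_prefix, stream_name="{instance_id}"):
    """Return one collect_list entry per *.log file, grouped by vhost."""
    entries = []
    for path in sorted(Path(log_dir).glob("*.log")):
        # Skip symlinks and non-regular files so the agent only ships real logs.
        if path.is_symlink() or not path.is_file():
            continue
        entries.append({
            "file_path": str(path),
            "log_group_name": f"{group_prefix}/{vhost_from_path(path)}",
            "log_stream_name": stream_name,
        })
    return entries


def build_agent_config(sources):
    """sources: iterable of (directory, log group prefix) pairs."""
    collect = []
    for log_dir, prefix in sources:
        collect.extend(build_collect_list(log_dir, prefix))
    return {"logs": {"logs_collected": {"files": {"collect_list": collect}}}}


if __name__ == "__main__":
    # Constructed sample layout mirroring the post; the error directory is assumed.
    with tempfile.TemporaryDirectory() as root:
        for kind in ("access", "error"):
            directory = Path(root, kind)
            directory.mkdir()
            for site in ("site1", "site2"):
                (directory / f"{site}.log").touch()
        config = build_agent_config([
            (Path(root, "access"), "apache-access"),
            (Path(root, "error"), "apache-error"),  # assumed group name
        ])
        print(json.dumps(config, indent=2))
```

Re-running the generator when a vhost is added keeps access and error logs attributable to a host in both log groups, which a shared log file with a format variable would only achieve for access logs.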