You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When ESF processes the AWSLogs/123/vpcflowlogs/eu-central-11/2024/07/11/123_vpcflowlogs_eu-central-1_fl-0cea9cbf050c152d5_20240711T0000Z_123eabd0.log.gz object, it creates a document with the following fields:
However, since the AWSLogs/123/vpcflowlogs/eu-central-11/2024/07/11/123_vpcflowlogs_eu-central-1_fl-0cea9cbf050c152d5_20240711T0000Z_123eabd0.log.gz comes from the eu-central-1 region, the user expects the document to have the following content:
Context
I am creating an issue for a user who reported it using a private channel.
In this scenario, the user consolidates VPC logs from multiple regions in a single S3 bucket and uses ESF to ingest all VPC logs from the S3 bucket.
ESF creates documents with the region of the S3 bucket instead of the region of the S3 object.
Current behavior
My understanding of the region problem is that the user:
my-vpcflow-logs
hosted on the regioneu-north-1
.AWSLogs/123/vpcflowlogs/eu-central-11/2024/07/11/123_vpcflowlogs_eu-central-1_fl-0cea9cbf050c152d5_20240711T0000Z_123eabd0.log.gz
object, it creates a document with the following fields:Expected behavior
AWSLogs/123/vpcflowlogs/eu-central-11/2024/07/11/123_vpcflowlogs_eu-central-1_fl-0cea9cbf050c152d5_20240711T0000Z_123eabd0.log.gz
comes from theeu-central-1
region, the user expects the document to have the following content:Notes
In the current version, ESF uses the region from the notification S3 published in the SQS queue.
The text was updated successfully, but these errors were encountered: