diff --git a/packages/aws_bedrock_agentcore/_dev/build/docs/README.md b/packages/aws_bedrock_agentcore/_dev/build/docs/README.md index 9af44883593..0a494ac8274 100644 --- a/packages/aws_bedrock_agentcore/_dev/build/docs/README.md +++ b/packages/aws_bedrock_agentcore/_dev/build/docs/README.md @@ -35,6 +35,17 @@ For more details about these requirements, check the [AWS integration documentat * You can install only one Elastic Agent per host. * Elastic Agent is required to collect metrics from CloudWatch and ship the data to Elastic, where the events will then be processed through the integration's ingest pipelines. +### How to find the `log_group_arn` (for log-based datasets) + +Some datasets in this integration require the ARN of the CloudWatch log group where your AgentCore logs are stored. You can find it by: + +- Opening CloudWatch in the AWS Console +- Going to Logs > Log groups +- Selecting the log group used by your AgentCore deployment +- Copying the Log group ARN shown + +You can then use this ARN when configuring any log-based dataset. + ## Setup To use the Amazon Bedrock AgentCore metrics, ensure your agents are deployed and running. The integration will automatically collect metrics from the AWS/Bedrock-AgentCore CloudWatch namespace. For enhanced observability, enable detailed monitoring and logging for your AgentCore resources. 
@@ -67,4 +78,15 @@ The metrics include the following dimensions for enhanced filtering and analysis {{fields "metrics"}} ## Alerting Rule Template -{{alertRuleTemplates}} \ No newline at end of file +{{alertRuleTemplates}} + +## Logs + +### Runtime Application Logs + +Amazon Bedrock AgentCore runtime application logs provide detailed insights into agent execution, decision-making processes, and operational events. The integration collects comprehensive log data from your intelligent agents to help you understand agent behavior and troubleshoot issues. + +For more details about enabling logs for AgentCore, check the [Amazon Bedrock AgentCore Observability Guide](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-view.html). + +{{event "runtime_application_logs"}} +{{fields "runtime_application_logs"}} diff --git a/packages/aws_bedrock_agentcore/changelog.yml b/packages/aws_bedrock_agentcore/changelog.yml index 794af431fb1..1849e3d8e92 100644 --- a/packages/aws_bedrock_agentcore/changelog.yml +++ b/packages/aws_bedrock_agentcore/changelog.yml @@ -1,4 +1,9 @@ # newer versions go on top +- version: "0.5.0" + changes: + - description: Add `runtime_application_logs` data stream. + type: enhancement + link: https://github.com/elastic/integrations/pull/15991 - version: "0.4.0" changes: - description: Add alerting rule templates for the gateway, identity, memory, browser tool and code interpreter. diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-array.log b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-array.log new file mode 100644 index 00000000000..4581d59ac48 --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-array.log 
@@ -0,0 +1 @@ +{"resource_arn":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2","event_timestamp":1763962578048,"account_id":"627286350132","request_id":"083603b2-7b75-46ba-bf61-45c562764b68","session_id":"76d5c1a5-df2d-4299-b536-9f0302e344ab","span_id":"c128b28261d25f39","trace_id":"61fae24cf690c9866936148344883db0","service_name":"AgentCoreCodeRuntime","operation":"InvokeAgentRuntime","resource":{"attributes":{"cloud.provider":"aws","service.name":"customersupport.DEFAULT","cloud.resource_id":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9","cloud.platform":"aws_bedrock_agentcore"}},"attributes":{"aws.operation.name":"InvokeAgentRuntime","aws.request.id":"083603b2-7b75-46ba-bf61-45c562764b68","aws.account.id":"627286350132","aws.resource.type":"AWS::BedrockAgentCore::Runtime","session.id":"76d5c1a5-df2d-4299-b536-9f0302e344ab"},"timeUnixNano":1763962575492617002,"severityNumber":9,"severityText":"INFO","body":{"request_payload":{"prompt":[{"role":"system","content":"You are a helpful assistant"},{"role":"user","content":"Summarize my previous conversation"}],"actor_id":"DEFAULT"},"response_payload":null},"traceId":"61fae24cf690c9866936148344883db1","spanId":"c128b28261d25f34"} diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-array.log-expected.json b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-array.log-expected.json new file mode 100644 index 00000000000..778af7b9bf8 --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-array.log-expected.json 
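Review bot: The sample event carries what looks like a real 12-digit AWS account ID, `627286350132`, in `account_id`, `aws.account.id`, `resource_arn` and `cloud.resource_id`, and the expected output copies it into `cloud.account.id` and `event.original`. If these lines were captured from a live account, swap the ID for the AWS documentation placeholder, e.g. `"account_id":"123456789012"`, and regenerate the expected files so the repository does not publish an account identifier next to a runtime ARN. The same value appears in the four other `.log` fixtures added by this commit (prompt-object, response-array, response-object and the base fixture) and in their `-expected.json` files.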
@@ -0,0 +1,67 @@ +{ + "expected": [ + { + "@timestamp": "2025-11-24T05:36:18.048Z", + "aws": { + "bedrock_agentcore": { + "agent_name": "customersupport", + "conversation_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "endpoint_name": "DEFAULT", + "operation": "InvokeAgentRuntime", + "operation_name": "invoke_agent", + "provider_name": "aws_bedrock_agentcore", + "request_id": "083603b2-7b75-46ba-bf61-45c562764b68", + "request_payload_object": { + "actor_id": "DEFAULT", + "prompt": [ + { + "content": "You are a helpful assistant", + "role": "system" + }, + { + "content": "Summarize my previous conversation", + "role": "user" + } + ] + }, + "resource_arn": "arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2", + "service_name": "AgentCoreCodeRuntime", + "session_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "severity_number": 9 + } + }, + "cloud": { + "account": { + "id": "627286350132" + }, + "provider": "aws", + "service": { + "name": "bedrock-agentcore" + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "original": 
"{\"resource_arn\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2\",\"event_timestamp\":1763962578048,\"account_id\":\"627286350132\",\"request_id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"session_id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\",\"span_id\":\"c128b28261d25f39\",\"trace_id\":\"61fae24cf690c9866936148344883db0\",\"service_name\":\"AgentCoreCodeRuntime\",\"operation\":\"InvokeAgentRuntime\",\"resource\":{\"attributes\":{\"cloud.provider\":\"aws\",\"service.name\":\"customersupport.DEFAULT\",\"cloud.resource_id\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9\",\"cloud.platform\":\"aws_bedrock_agentcore\"}},\"attributes\":{\"aws.operation.name\":\"InvokeAgentRuntime\",\"aws.request.id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"aws.account.id\":\"627286350132\",\"aws.resource.type\":\"AWS::BedrockAgentCore::Runtime\",\"session.id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\"},\"timeUnixNano\":1763962575492617002,\"severityNumber\":9,\"severityText\":\"INFO\",\"body\":{\"request_payload\":{\"prompt\":[{\"role\":\"system\",\"content\":\"You are a helpful assistant\"},{\"role\":\"user\",\"content\":\"Summarize my previous conversation\"}],\"actor_id\":\"DEFAULT\"},\"response_payload\":null},\"traceId\":\"61fae24cf690c9866936148344883db1\",\"spanId\":\"c128b28261d25f34\"}", + "outcome": "success" + }, + "log": { + "level": "INFO" + }, + "service": { + "name": "customersupport.DEFAULT" + }, + "span": { + "id": "c128b28261d25f34" + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "trace": { + "id": "61fae24cf690c9866936148344883db1" + } + } + ] +} 
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-object.log b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-object.log new file mode 100644 index 00000000000..63ba856cbd4 --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-object.log @@ -0,0 +1 @@ +{"resource_arn":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2","event_timestamp":1763962578048,"account_id":"627286350132","request_id":"083603b2-7b75-46ba-bf61-45c562764b68","session_id":"76d5c1a5-df2d-4299-b536-9f0302e344ab","span_id":"c128b28261d25f39","trace_id":"61fae24cf690c9866936148344883db0","service_name":"AgentCoreCodeRuntime","operation":"InvokeAgentRuntime","resource":{"attributes":{"cloud.provider":"aws","service.name":"customersupport.DEFAULT","cloud.resource_id":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9","cloud.platform":"aws_bedrock_agentcore"}},"attributes":{"aws.operation.name":"InvokeAgentRuntime","aws.request.id":"083603b2-7b75-46ba-bf61-45c562764b68","aws.account.id":"627286350132","aws.resource.type":"AWS::BedrockAgentCore::Runtime","session.id":"76d5c1a5-df2d-4299-b536-9f0302e344ab"},"timeUnixNano":1763962575492617002,"severityNumber":9,"severityText":"INFO","body":{"request_payload":{"prompt":{"role":"user","content":"Summarize my previous conversation","metadata":{"source":"web","timestamp":"2025-01-15T10:30:00Z"}},"actor_id":"DEFAULT"},"response_payload":null},"traceId":"61fae24cf690c9866936148344883db1","spanId":"c128b28261d25f34"} 
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-object.log-expected.json b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-object.log-expected.json new file mode 100644 index 00000000000..51fd6357575 --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-prompt-object.log-expected.json 
@@ -0,0 +1,65 @@ +{ + "expected": [ + { + "@timestamp": "2025-11-24T05:36:18.048Z", + "aws": { + "bedrock_agentcore": { + "agent_name": "customersupport", + "conversation_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "endpoint_name": "DEFAULT", + "operation": "InvokeAgentRuntime", + "operation_name": "invoke_agent", + "provider_name": "aws_bedrock_agentcore", + "request_id": "083603b2-7b75-46ba-bf61-45c562764b68", + "request_payload_object": { + "actor_id": "DEFAULT", + "prompt": { + "content": "Summarize my previous conversation", + "metadata": { + "source": "web", + "timestamp": "2025-01-15T10:30:00Z" + }, + "role": "user" + } + }, + "resource_arn": "arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2", + "service_name": "AgentCoreCodeRuntime", + "session_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "severity_number": 9 + } + }, + "cloud": { + "account": { + "id": "627286350132" + }, + "provider": "aws", + "service": { + "name": "bedrock-agentcore" + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "original": 
"{\"resource_arn\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2\",\"event_timestamp\":1763962578048,\"account_id\":\"627286350132\",\"request_id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"session_id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\",\"span_id\":\"c128b28261d25f39\",\"trace_id\":\"61fae24cf690c9866936148344883db0\",\"service_name\":\"AgentCoreCodeRuntime\",\"operation\":\"InvokeAgentRuntime\",\"resource\":{\"attributes\":{\"cloud.provider\":\"aws\",\"service.name\":\"customersupport.DEFAULT\",\"cloud.resource_id\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9\",\"cloud.platform\":\"aws_bedrock_agentcore\"}},\"attributes\":{\"aws.operation.name\":\"InvokeAgentRuntime\",\"aws.request.id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"aws.account.id\":\"627286350132\",\"aws.resource.type\":\"AWS::BedrockAgentCore::Runtime\",\"session.id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\"},\"timeUnixNano\":1763962575492617002,\"severityNumber\":9,\"severityText\":\"INFO\",\"body\":{\"request_payload\":{\"prompt\":{\"role\":\"user\",\"content\":\"Summarize my previous conversation\",\"metadata\":{\"source\":\"web\",\"timestamp\":\"2025-01-15T10:30:00Z\"}},\"actor_id\":\"DEFAULT\"},\"response_payload\":null},\"traceId\":\"61fae24cf690c9866936148344883db1\",\"spanId\":\"c128b28261d25f34\"}", + "outcome": "success" + }, + "log": { + "level": "INFO" + }, + "service": { + "name": "customersupport.DEFAULT" + }, + "span": { + "id": "c128b28261d25f34" + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "trace": { + "id": "61fae24cf690c9866936148344883db1" + } + } + ] +} 
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-array.log b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-array.log new file mode 100644 index 00000000000..4cbee41ef12 --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-array.log @@ -0,0 +1 @@ +{"resource_arn":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2","event_timestamp":1763962578048,"account_id":"627286350132","request_id":"083603b2-7b75-46ba-bf61-45c562764b68","session_id":"76d5c1a5-df2d-4299-b536-9f0302e344ab","span_id":"c128b28261d25f39","trace_id":"61fae24cf690c9866936148344883db0","service_name":"AgentCoreCodeRuntime","operation":"InvokeAgentRuntime","resource":{"attributes":{"cloud.provider":"aws","service.name":"customersupport.DEFAULT","cloud.resource_id":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9","cloud.platform":"aws_bedrock_agentcore"}},"attributes":{"aws.operation.name":"InvokeAgentRuntime","aws.request.id":"083603b2-7b75-46ba-bf61-45c562764b68","aws.account.id":"627286350132","aws.resource.type":"AWS::BedrockAgentCore::Runtime","session.id":"76d5c1a5-df2d-4299-b536-9f0302e344ab"},"timeUnixNano":1763962575492617002,"severityNumber":9,"severityText":"INFO","body":{"request_payload":{"prompt":"Summarize my previous conversation","actor_id":"DEFAULT"},"response_payload":[{"role":"assistant","content":"Here is your summary of the previous conversation."},{"role":"assistant","content":"Is there anything else you would like to know?"}]},"traceId":"61fae24cf690c9866936148344883db1","spanId":"c128b28261d25f34"} 
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-array.log-expected.json b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-array.log-expected.json new file mode 100644 index 00000000000..15d275ed268 --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-array.log-expected.json 
@@ -0,0 +1,72 @@ +{ + "expected": [ + { + "@timestamp": "2025-11-24T05:36:18.048Z", + "aws": { + "bedrock_agentcore": { + "agent_name": "customersupport", + "conversation_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "endpoint_name": "DEFAULT", + "operation": "InvokeAgentRuntime", + "operation_name": "invoke_agent", + "provider_name": "aws_bedrock_agentcore", + "request_id": "083603b2-7b75-46ba-bf61-45c562764b68", + "request_payload": { + "actor_id": "DEFAULT", + "prompt": "Summarize my previous conversation" + }, + "request_payload_object": { + "actor_id": "DEFAULT", + "prompt": "Summarize my previous conversation" + }, + "resource_arn": "arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2", + "response_payload_object": [ + { + "content": "Here is your summary of the previous conversation.", + "role": "assistant" + }, + { + "content": "Is there anything else you would like to know?", + "role": "assistant" + } + ], + "service_name": "AgentCoreCodeRuntime", + "session_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "severity_number": 9 + } + }, + "cloud": { + "account": { + "id": "627286350132" + }, + "provider": "aws", + "service": { + "name": "bedrock-agentcore" + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "original": 
"{\"resource_arn\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2\",\"event_timestamp\":1763962578048,\"account_id\":\"627286350132\",\"request_id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"session_id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\",\"span_id\":\"c128b28261d25f39\",\"trace_id\":\"61fae24cf690c9866936148344883db0\",\"service_name\":\"AgentCoreCodeRuntime\",\"operation\":\"InvokeAgentRuntime\",\"resource\":{\"attributes\":{\"cloud.provider\":\"aws\",\"service.name\":\"customersupport.DEFAULT\",\"cloud.resource_id\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9\",\"cloud.platform\":\"aws_bedrock_agentcore\"}},\"attributes\":{\"aws.operation.name\":\"InvokeAgentRuntime\",\"aws.request.id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"aws.account.id\":\"627286350132\",\"aws.resource.type\":\"AWS::BedrockAgentCore::Runtime\",\"session.id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\"},\"timeUnixNano\":1763962575492617002,\"severityNumber\":9,\"severityText\":\"INFO\",\"body\":{\"request_payload\":{\"prompt\":\"Summarize my previous conversation\",\"actor_id\":\"DEFAULT\"},\"response_payload\":[{\"role\":\"assistant\",\"content\":\"Here is your summary of the previous conversation.\"},{\"role\":\"assistant\",\"content\":\"Is there anything else you would like to know?\"}]},\"traceId\":\"61fae24cf690c9866936148344883db1\",\"spanId\":\"c128b28261d25f34\"}", + "outcome": "success" + }, + "log": { + "level": "INFO" + }, + "service": { + "name": "customersupport.DEFAULT" + }, + "span": { + "id": "c128b28261d25f34" + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "trace": { + "id": "61fae24cf690c9866936148344883db1" + } + } + ] +} 
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-object.log b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-object.log new file mode 100644 index 00000000000..d3954c76d68 --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-object.log @@ -0,0 +1 @@ +{"resource_arn":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2","event_timestamp":1763962578048,"account_id":"627286350132","request_id":"083603b2-7b75-46ba-bf61-45c562764b68","session_id":"76d5c1a5-df2d-4299-b536-9f0302e344ab","span_id":"c128b28261d25f39","trace_id":"61fae24cf690c9866936148344883db0","service_name":"AgentCoreCodeRuntime","operation":"InvokeAgentRuntime","resource":{"attributes":{"cloud.provider":"aws","service.name":"customersupport.DEFAULT","cloud.resource_id":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9","cloud.platform":"aws_bedrock_agentcore"}},"attributes":{"aws.operation.name":"InvokeAgentRuntime","aws.request.id":"083603b2-7b75-46ba-bf61-45c562764b68","aws.account.id":"627286350132","aws.resource.type":"AWS::BedrockAgentCore::Runtime","session.id":"76d5c1a5-df2d-4299-b536-9f0302e344ab"},"timeUnixNano":1763962575492617002,"severityNumber":9,"severityText":"INFO","body":{"request_payload":{"prompt":"Summarize my previous conversation","actor_id":"DEFAULT"},"response_payload":{"text":"Here is your summary of the previous conversation.","metadata":{"tokens_used":150,"model":"claude-3"}}},"traceId":"61fae24cf690c9866936148344883db1","spanId":"c128b28261d25f34"} 
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-object.log-expected.json b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-object.log-expected.json new file mode 100644 index 00000000000..0e03651d408 --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore-response-object.log-expected.json 
@@ -0,0 +1,69 @@ +{ + "expected": [ + { + "@timestamp": "2025-11-24T05:36:18.048Z", + "aws": { + "bedrock_agentcore": { + "agent_name": "customersupport", + "conversation_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "endpoint_name": "DEFAULT", + "operation": "InvokeAgentRuntime", + "operation_name": "invoke_agent", + "provider_name": "aws_bedrock_agentcore", + "request_id": "083603b2-7b75-46ba-bf61-45c562764b68", + "request_payload": { + "actor_id": "DEFAULT", + "prompt": "Summarize my previous conversation" + }, + "request_payload_object": { + "actor_id": "DEFAULT", + "prompt": "Summarize my previous conversation" + }, + "resource_arn": "arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2", + "response_payload_object": { + "metadata": { + "model": "claude-3", + "tokens_used": 150 + }, + "text": "Here is your summary of the previous conversation." + }, + "service_name": "AgentCoreCodeRuntime", + "session_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "severity_number": 9 + } + }, + "cloud": { + "account": { + "id": "627286350132" + }, + "provider": "aws", + "service": { + "name": "bedrock-agentcore" + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "original": 
"{\"resource_arn\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2\",\"event_timestamp\":1763962578048,\"account_id\":\"627286350132\",\"request_id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"session_id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\",\"span_id\":\"c128b28261d25f39\",\"trace_id\":\"61fae24cf690c9866936148344883db0\",\"service_name\":\"AgentCoreCodeRuntime\",\"operation\":\"InvokeAgentRuntime\",\"resource\":{\"attributes\":{\"cloud.provider\":\"aws\",\"service.name\":\"customersupport.DEFAULT\",\"cloud.resource_id\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9\",\"cloud.platform\":\"aws_bedrock_agentcore\"}},\"attributes\":{\"aws.operation.name\":\"InvokeAgentRuntime\",\"aws.request.id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"aws.account.id\":\"627286350132\",\"aws.resource.type\":\"AWS::BedrockAgentCore::Runtime\",\"session.id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\"},\"timeUnixNano\":1763962575492617002,\"severityNumber\":9,\"severityText\":\"INFO\",\"body\":{\"request_payload\":{\"prompt\":\"Summarize my previous conversation\",\"actor_id\":\"DEFAULT\"},\"response_payload\":{\"text\":\"Here is your summary of the previous conversation.\",\"metadata\":{\"tokens_used\":150,\"model\":\"claude-3\"}}},\"traceId\":\"61fae24cf690c9866936148344883db1\",\"spanId\":\"c128b28261d25f34\"}", + "outcome": "success" + }, + "log": { + "level": "INFO" + }, + "service": { + "name": "customersupport.DEFAULT" + }, + "span": { + "id": "c128b28261d25f34" + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "trace": { + "id": "61fae24cf690c9866936148344883db1" + } + } + ] +} 
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore.log b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore.log new file mode 100644 index 00000000000..a37fcf9ac4f --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore.log @@ -0,0 +1 @@ +{"resource_arn":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2","event_timestamp":1763962578048,"account_id":"627286350132","request_id":"083603b2-7b75-46ba-bf61-45c562764b68","session_id":"76d5c1a5-df2d-4299-b536-9f0302e344ab","span_id":"c128b28261d25f39","trace_id":"61fae24cf690c9866936148344883db0","service_name":"AgentCoreCodeRuntime","operation":"InvokeAgentRuntime","resource":{"attributes":{"cloud.provider":"aws","service.name":"customersupport.DEFAULT","cloud.resource_id":"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9","cloud.platform":"aws_bedrock_agentcore"}},"attributes":{"aws.operation.name":"InvokeAgentRuntime","aws.request.id":"083603b2-7b75-46ba-bf61-45c562764b68","aws.account.id":"627286350132","aws.resource.type":"AWS::BedrockAgentCore::Runtime","session.id":"76d5c1a5-df2d-4299-b536-9f0302e344ab"},"timeUnixNano":1763962575492617002,"severityNumber":9,"severityText":"INFO","body":{"request_payload":{"prompt":"Summarize my previous conversation","actor_id":"DEFAULT"},"response_payload":null},"traceId":"61fae24cf690c9866936148344883db1","spanId":"c128b28261d25f34"} \ No newline at end of file diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore.log-expected.json b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore.log-expected.json new file mode 100644 index 00000000000..c51a7e6611d --- /dev/null 
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-aws-bedrock-agentcore.log-expected.json 
@@ -0,0 +1,62 @@ +{ + "expected": [ + { + "@timestamp": "2025-11-24T05:36:18.048Z", + "aws": { + "bedrock_agentcore": { + "agent_name": "customersupport", + "conversation_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "endpoint_name": "DEFAULT", + "operation": "InvokeAgentRuntime", + "operation_name": "invoke_agent", + "provider_name": "aws_bedrock_agentcore", + "request_id": "083603b2-7b75-46ba-bf61-45c562764b68", + "request_payload": { + "actor_id": "DEFAULT", + "prompt": "Summarize my previous conversation" + }, + "request_payload_object": { + "actor_id": "DEFAULT", + "prompt": "Summarize my previous conversation" + }, + "resource_arn": "arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2", + "service_name": "AgentCoreCodeRuntime", + "session_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "severity_number": 9 + } + }, + "cloud": { + "account": { + "id": "627286350132" + }, + "provider": "aws", + "service": { + "name": "bedrock-agentcore" + } + }, + "ecs": { + "version": "8.11.0" + }, + "event": { + "original": 
"{\"resource_arn\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ2\",\"event_timestamp\":1763962578048,\"account_id\":\"627286350132\",\"request_id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"session_id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\",\"span_id\":\"c128b28261d25f39\",\"trace_id\":\"61fae24cf690c9866936148344883db0\",\"service_name\":\"AgentCoreCodeRuntime\",\"operation\":\"InvokeAgentRuntime\",\"resource\":{\"attributes\":{\"cloud.provider\":\"aws\",\"service.name\":\"customersupport.DEFAULT\",\"cloud.resource_id\":\"arn:aws:bedrock-agentcore:us-east-1:627286350132:runtime/customersupport-3OutfrDDJ9\",\"cloud.platform\":\"aws_bedrock_agentcore\"}},\"attributes\":{\"aws.operation.name\":\"InvokeAgentRuntime\",\"aws.request.id\":\"083603b2-7b75-46ba-bf61-45c562764b68\",\"aws.account.id\":\"627286350132\",\"aws.resource.type\":\"AWS::BedrockAgentCore::Runtime\",\"session.id\":\"76d5c1a5-df2d-4299-b536-9f0302e344ab\"},\"timeUnixNano\":1763962575492617002,\"severityNumber\":9,\"severityText\":\"INFO\",\"body\":{\"request_payload\":{\"prompt\":\"Summarize my previous conversation\",\"actor_id\":\"DEFAULT\"},\"response_payload\":null},\"traceId\":\"61fae24cf690c9866936148344883db1\",\"spanId\":\"c128b28261d25f34\"}", + "outcome": "success" + }, + "log": { + "level": "INFO" + }, + "service": { + "name": "customersupport.DEFAULT" + }, + "span": { + "id": "c128b28261d25f34" + }, + "tags": [ + "preserve_original_event", + "preserve_duplicate_custom_fields" + ], + "trace": { + "id": "61fae24cf690c9866936148344883db1" + } + } + ] +} diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-common-config.yml b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-common-config.yml new file mode 100644 index 00000000000..ab602e478c7 --- /dev/null 
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/_dev/test/pipeline/test-common-config.yml @@ -0,0 +1,5 @@ +--- +fields: + tags: + - preserve_original_event + - preserve_duplicate_custom_fields diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/agent/stream/aws-cloudwatch.yml.hbs b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/agent/stream/aws-cloudwatch.yml.hbs new file mode 100644 index 00000000000..aae33c4f181 --- /dev/null +++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/agent/stream/aws-cloudwatch.yml.hbs 
@@ -0,0 +1,106 @@
+{{#unless log_group_name}}
+{{#unless log_group_name_prefix}}
+{{#if log_group_arn }}
+log_group_arn: {{ log_group_arn }}
+{{/if}}
+{{/unless}}
+{{/unless}}
+
+{{#unless log_group_arn}}
+{{#unless log_group_name}}
+{{#if log_group_name_prefix }}
+log_group_name_prefix: {{ log_group_name_prefix }}
+{{/if}}
+{{#if include_linked_accounts_with_prefix }}
+include_linked_accounts_for_prefix_mode: {{ include_linked_accounts_with_prefix }}
+{{/if}}
+{{#if number_of_workers }}
+number_of_workers: {{ number_of_workers }}
+{{/if}}
+{{/unless}}
+{{/unless}}
+
+{{#unless log_group_arn}}
+{{#unless log_group_name_prefix}}
+{{#if log_group_name }}
+log_group_name: {{ log_group_name }}
+{{/if}}
+{{/unless}}
+{{/unless}}
+
+{{#unless log_group_arn}}
+region_name: {{ region_name }}
+{{/unless}}
+
+{{#unless log_stream_prefix}}
+{{#if log_streams }}
+log_streams: {{ log_streams }}
+{{/if}}
+{{/unless}}
+
+{{#unless log_streams}}
+{{#if log_stream_prefix }}
+log_stream_prefix: {{ log_stream_prefix }}
+{{/if}}
+{{/unless}}
+
+{{#if start_position }}
+start_position: {{ start_position }}
+{{/if}}
+
+{{#if scan_frequency }}
+scan_frequency: {{ scan_frequency }}
+{{/if}}
+
+{{#if api_sleep }}
+api_sleep: {{ api_sleep }}
+{{/if}}
+
+{{#if latency }}
+latency: {{ latency }}
+{{/if}}
+
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if default_region}}
+default_region: {{default_region}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if proxy_url }}
+proxy_url: {{proxy_url}}
+{{/if}}
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#if preserve_duplicate_custom_fields}}
+ - preserve_duplicate_custom_fields
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/agent/stream/aws-s3.yml.hbs b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/agent/stream/aws-s3.yml.hbs
new file mode 100644
index 00000000000..f98ea627e5e
--- /dev/null
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/agent/stream/aws-s3.yml.hbs
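Review bot: The credential lines in aws-cloudwatch.yml.hbs render user input as bare YAML scalars, e.g. `secret_access_key: {{secret_access_key}}` and `session_token: {{session_token}}`, so a value that contains ` #` or `: `, or that starts with a YAML indicator, is truncated or re-typed by the parser before the input reads it. `proxy_url: {{proxy_url}}` has the same exposure, since a proxy URL may carry userinfo or a `#`. Emitting these through the Fleet string helper, `secret_access_key: {{escape_string secret_access_key}}` (assuming the package's spec version provides it), keeps them quoted strings. The aws-s3.yml.hbs template added next in this commit follows the same unquoted pattern.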
@@ -0,0 +1,171 @@
+{{! The aws-s3 input can be configured to read from an SQS queue or an S3 bucket. }}
+
+{{! start SQS queue }}
+{{#unless bucket_arn}}
+{{#unless non_aws_bucket_name}}
+{{#unless access_point_arn}}
+{{#if queue_url }}
+queue_url: {{ queue_url }}
+{{/if}}
+{{/unless}}
+{{/unless}}
+{{/unless}}
+{{! end SQS queue }}
+
+{{#unless queue_url}}{{! start S3 bucket polling }}
+
+{{!
+When using an S3 bucket, you can specify only one of the following options:
+- An AWS bucket ARN
+- A non-AWS bucket name
+}}
+
+{{! shared S3 bucket polling options }}
+{{#if bucket_list_prefix }}
+bucket_list_prefix: {{ bucket_list_prefix }}
+{{/if}}
+
+{{#if bucket_list_interval }}
+bucket_list_interval: {{ bucket_list_interval }}
+{{/if}}
+
+{{#if start_timestamp}}
+start_timestamp: {{start_timestamp}}
+{{/if}}
+
+{{#if ignore_older}}
+ignore_older: {{ignore_older}}
+{{/if}}
+
+{{! AWS S3 bucket ARN options }}
+{{#unless non_aws_bucket_name}}
+{{#unless access_point_arn}}
+{{#if bucket_arn }}
+bucket_arn: {{ bucket_arn }}
+{{/if}}
+{{/unless}}
+{{/unless}}
+
+{{! non-AWS S3 bucket ARN options }}
+{{#unless bucket_arn}}
+{{#unless access_point_arn}}
+{{#if non_aws_bucket_name }}
+non_aws_bucket_name: {{ non_aws_bucket_name }}
+{{/if}}
+{{/unless}}
+{{/unless}}
+
+{{! AWS S3 Access Point ARN options }}
+{{#unless bucket_arn}}
+{{#unless non_aws_bucket_name}}
+{{#if access_point_arn }}
+access_point_arn: {{ access_point_arn }}
+{{/if}}
+{{/unless}}
+{{/unless}}
+
+{{/unless}}{{! end S3 bucket polling }}
+
+{{! allows number of workers to be configured for SQS queue and S3 buckets}}
+{{#if number_of_workers }}
+number_of_workers: {{ number_of_workers }}
+{{/if}}
+
+{{#if buffer_size }}
+buffer_size: {{ buffer_size }}
+{{/if}}
+{{#if content_type }}
+content_type: {{ content_type }}
+{{/if}}
+{{#if encoding }}
+encoding: {{ encoding }}
+{{/if}}
+{{#if expand_event_list_from_field }}
+expand_event_list_from_field: {{ expand_event_list_from_field }}
+{{/if}}
+{{#if buffer_size }}
+buffer_size: {{ buffer_size }}
+{{/if}}
+{{#if fips_enabled }}
+fips_enabled: {{ fips_enabled }}
+{{/if}}
+{{#if include_s3_metadata }}
+include_s3_metadata: {{ include_s3_metadata }}
+{{/if}}
+{{#if max_bytes }}
+max_bytes: {{ max_bytes }}
+{{/if}}
+{{#if max_number_of_messages }}
+max_number_of_messages: {{ max_number_of_messages }}
+{{/if}}
+{{#if path_style }}
+path_style: {{ path_style }}
+{{/if}}
+{{#if provider }}
+provider: {{ provider }}
+{{/if}}
+{{#if sqs.max_receive_count }}
+sqs.max_receive_count: {{ sqs.max_receive_count }}
+{{/if}}
+{{#if sqs.wait_time }}
+sqs.wait_time: {{ sqs.wait_time }}
+{{/if}}
+
+{{#if file_selectors}}
+file_selectors:
+{{file_selectors}}
+{{/if}}
+
+{{#if credential_profile_name}}
+credential_profile_name: {{credential_profile_name}}
+{{/if}}
+{{#if shared_credential_file}}
+shared_credential_file: {{shared_credential_file}}
+{{/if}}
+{{#if visibility_timeout}}
+visibility_timeout: {{visibility_timeout}}
+{{/if}}
+{{#if api_timeout}}
+api_timeout: {{api_timeout}}
+{{/if}}
+{{#if endpoint}}
+endpoint: {{endpoint}}
+{{/if}}
+{{#if default_region}}
+default_region: {{default_region}}
+{{/if}}
+{{#if access_key_id}}
+access_key_id: {{access_key_id}}
+{{/if}}
+{{#if secret_access_key}}
+secret_access_key: {{secret_access_key}}
+{{/if}}
+{{#if session_token}}
+session_token: {{session_token}}
+{{/if}}
+{{#if role_arn}}
+role_arn: {{role_arn}}
+{{/if}}
+{{#if fips_enabled}}
+fips_enabled: {{fips_enabled}}
+{{/if}}
+{{#if proxy_url }}
+proxy_url: {{proxy_url}}
+{{/if}}
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#if preserve_duplicate_custom_fields}}
+ - preserve_duplicate_custom_fields
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+publisher_pipeline.disable_host: true
+{{/contains}}
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/elasticsearch/ingest_pipeline/default.yml b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..8393daffbf8
--- /dev/null
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/elasticsearch/ingest_pipeline/default.yml
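Review bot: The `buffer_size` and `fips_enabled` blocks each appear twice in this template: `buffer_size` before `content_type` and again after `expand_event_list_from_field`, and `fips_enabled` before `include_s3_metadata` and again after `role_arn`. Setting either variable therefore renders the same key twice in the input configuration, which a YAML loader will either reject or resolve by silently keeping one of the two. Drop the second `{{#if buffer_size }}` block and the later `{{#if fips_enabled}}` block so each option is emitted exactly once.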
@@ -0,0 +1,224 @@
+---
+description: Pipeline for Amazon Bedrock AgentCore runtime application logs
+processors:
+ - rename:
+ tag: rename_original_message
+ field: message
+ target_field: event.original
+ if: 'ctx.event?.original == null'
+ description: 'Store original message in event.original'
+ ignore_missing: true
+
+ - remove:
+ tag: remove_message_after_copy
+ field: message
+ ignore_missing: true
+ if: ctx.event?.original != null
+ description: 'The `message` field is no longer required if the document has an `event.original` field.'
+
+ # Parse JSON if the log comes as a string
+ - json:
+ tag: parse_json_event_original
+ field: event.original
+ target_field: aws.bedrock_agentcore
+ if: 'ctx.event?.original != null'
+ ignore_failure: true
+
+ - date:
+ tag: convert_event_timestamp
+ field: aws.bedrock_agentcore.event_timestamp
+ target_field: "@timestamp"
+ formats:
+ - UNIX_MS
+ ignore_failure: true
+
+ - rename:
+ tag: rename_account_id
+ field: aws.bedrock_agentcore.account_id
+ target_field: cloud.account.id
+ ignore_missing: true
+
+ - rename:
+ tag: rename_traceId
+ field: aws.bedrock_agentcore.traceId
+ target_field: trace.id
+ ignore_missing: true
+
+ - rename:
+ tag: rename_trace_id_fallback
+ if: ctx.trace?.id == null
+ field: aws.bedrock_agentcore.trace_id
+ target_field: trace.id
+ ignore_missing: true
+
+ - rename:
+ tag: rename_spanId
+ field: aws.bedrock_agentcore.spanId
+ target_field: span.id
+ ignore_missing: true
+
+ - rename:
+ tag: rename_span_id_fallback
+ field: aws.bedrock_agentcore.span_id
+ target_field: span.id
+ ignore_missing: true
+ if: ctx.span?.id == null
+
+ - rename:
+ tag: rename_severity_number
+ field: aws.bedrock_agentcore.severityNumber
+ target_field: aws.bedrock_agentcore.severity_number
+ ignore_missing: true
+
+ # Map severity_text to log.level for ECS compatibility
+ - set:
+ tag: set_log_level
+ field: log.level
+ copy_from: aws.bedrock_agentcore.severityText
+ ignore_failure: true
+
+ # Copy request_payload to request_payload_object (keeps both)
+ - set:
+ tag: copy_request_payload_object
+ field: aws.bedrock_agentcore.request_payload_object
+ copy_from: aws.bedrock_agentcore.body.request_payload
+ ignore_failure: true
+
+ - rename:
+ tag: flatten_request_payload
+ field: aws.bedrock_agentcore.body.request_payload
+ target_field: aws.bedrock_agentcore.request_payload
+ ignore_missing: true
+ if: ctx.aws?.bedrock_agentcore?.body?.request_payload?.prompt == null || ctx.aws.bedrock_agentcore.body.request_payload.prompt instanceof String
+
+ - rename:
+ tag: flatten_response_payload
+ field: aws.bedrock_agentcore.body.response_payload
+ target_field: aws.bedrock_agentcore.response_payload_object
+ ignore_missing: true
+
+
+ - remove:
+ tag: remove_empty_body
+ field: aws.bedrock_agentcore.body
+ ignore_missing: true
+
+ # Set ECS version
+ - set:
+ tag: set_ecs_version
+ field: ecs.version
+ value: '8.11.0'
+
+ # Set cloud service metadata
+ - set:
+ tag: set_cloud_service_name
+ field: cloud.service.name
+ value: bedrock-agentcore
+
+ - set:
+ tag: set_cloud_provider
+ field: cloud.provider
+ value: aws
+
+ - script:
+ tag: extract_resource_attributes
+ description: Extract fields from resource.attributes with dotted keys
+ lang: painless
+ if: ctx.aws?.bedrock_agentcore?.resource?.attributes != null
+ source: |
+ def attrs = ctx.aws.bedrock_agentcore.resource.attributes;
+
+ if (attrs.containsKey('service.name')) {
+ if (ctx.service == null) ctx.service = new HashMap();
+ ctx.service.name = attrs['service.name'];
+ }
+ ignore_failure: true
+
+ - set:
+ tag: set_provider
+ field: aws.bedrock_agentcore.provider_name
+ value: aws_bedrock_agentcore
+
+ - set:
+ tag: set_operation
+ field: aws.bedrock_agentcore.operation_name
+ value: invoke_agent
+
+ - set:
+ tag: set_conversation_id
+ field: aws.bedrock_agentcore.conversation_id
+ copy_from: aws.bedrock_agentcore.session_id
+ ignore_failure: true
+
+ - set:
+ tag: set_event_outcome_success
+ field: event.outcome
+ value: success
+ if: ctx.error?.message == null
+
+ - set:
+ tag: set_event_outcome_failure
+ field: event.outcome
+ value: failure
+ if: ctx.error?.message != null
+
+ # Truncate large prompt fields to prevent storage issues
+ - script:
+ tag: truncate_large_prompts
+ description: Truncate large prompts and store hash
+ lang: painless
+ if: ctx.aws?.bedrock_agentcore?.request_payload?.prompt != null && ctx.aws?.bedrock_agentcore?.request_payload?.prompt instanceof String
+ source: |
+ if (ctx.aws.bedrock_agentcore.request_payload.prompt.length() > 32766) {
+ ctx.aws.bedrock_agentcore.prompt_hash = ctx.aws.bedrock_agentcore.request_payload.prompt.sha1();
+ ctx.aws.bedrock_agentcore.request_payload.remove("prompt");
+ }
+ ignore_failure: true
+
+ - dissect:
+ tag: extract_agent_and_endpoint
+ field: service.name
+ pattern: "%{aws.bedrock_agentcore.agent_name}.%{aws.bedrock_agentcore.endpoint_name}"
+ ignore_failure: true
+ ignore_missing: true
+ if: ctx.service?.name != null
+
+ - remove:
+ tag: remove_unused_fields
+ field:
+ - aws.bedrock_agentcore.attributes
+ - aws.bedrock_agentcore.resource
+ - aws.bedrock_agentcore.trace_id
+ - aws.bedrock_agentcore.span_id
+ - aws.bedrock_agentcore.event_timestamp
+ - aws.bedrock_agentcore.timeUnixNano
+ - aws.bedrock_agentcore.severityText
+ ignore_missing: true
+
+ # Remove empty/null values
+ - script:
+ tag: cleanup_null_values
+ description: Remove null/empty values recursively
+ lang: painless
+ source: |
+ boolean drop(Object o) {
+ if (o == null || o == "") {
+ return true;
+ } else if (o instanceof Map) {
+ ((Map) o).values().removeIf(v -> drop(v));
+ return (((Map) o).size() == 0);
+ } else if (o instanceof List) {
+ ((List) o).removeIf(v -> drop(v));
+ return (((List) o).length == 0);
+ }
+ return false;
+ }
+ drop(ctx);
+
+on_failure:
+ - set:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
+ - set:
+ field: event.outcome
+ value: failure
\ No newline at end of file
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/agent.yml b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/agent.yml
new file mode 100644
index 00000000000..4481cca42e2
--- /dev/null
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/agent.yml
@@ -0,0 +1,29 @@
+- name: cloud
+ type: group
+ fields:
+ - name: image.id
+ type: keyword
+ description: Image ID for the cloud instance.
+- name: host
+ type: group
+ fields:
+ - name: containerized
+ type: boolean
+ description: >
+ If the host is a container.
+
+ - name: os.build
+ type: keyword
+ example: "18D109"
+ description: >
+ OS build information.
+
+ - name: os.codename
+ type: keyword
+ example: "stretch"
+ description: >
+ OS codename, if any.
+
+- name: input.type
+ type: keyword
+ description: Type of Filebeat input.
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/base-fields.yml b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/base-fields.yml
new file mode 100644
index 00000000000..92048db3e85
--- /dev/null
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/base-fields.yml
@@ -0,0 +1,16 @@
+- name: data_stream.type
+ external: ecs
+- name: data_stream.dataset
+ external: ecs
+- name: data_stream.namespace
+ external: ecs
+- name: "@timestamp"
+ external: ecs
+- name: event.module
+ type: constant_keyword
+ external: ecs
+ value: aws
+- name: event.dataset
+ type: constant_keyword
+ description: Event dataset
+ value: aws_bedrock_agentcore.runtime_application_logs
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/fields.yml b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/fields.yml
new file mode 100644
index 00000000000..7d8f6080a41
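Review bot: Nothing in this pipeline removes `event.original`, so the raw log line, including the full prompt text, is stored with every event even when `preserve_original_event` is left at its default of `false`. The `rename_original_message` processor creates the field, and no later processor checks for the `preserve_original_event` tag that the agent templates add. A conditional `remove` placed just before `cleanup_null_values` would make the setting effective and keep prompt content out of the index unless the operator opts in.

```yaml
  # Drop the raw event unless the user opted in via the preserve_original_event tag
  - remove:
      tag: remove_original_event
      field: event.original
      if: ctx.tags == null || !ctx.tags.contains('preserve_original_event')
      ignore_missing: true
```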
--- /dev/null
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/fields.yml
@@ -0,0 +1,74 @@
+- name: aws.bedrock_agentcore
+ type: group
+ fields:
+ - name: agent_name
+ type: keyword
+ description: The name of the Bedrock agent.
+
+ - name: endpoint_name
+ type: keyword
+ description: The endpoint identifier.
+
+ - name: session_id
+ type: keyword
+ description: Unique identifier for the AgentCore runtime session.
+
+ - name: resource_arn
+ type: keyword
+ description: Amazon Resource Name (ARN) of the AgentCore runtime resource.
+
+ - name: severity_number
+ type: integer
+ description: Numeric severity level associated with the event.
+
+ # severity_text → ECS log.level
+ - name: request_id
+ type: keyword
+ description: ID of the processed request.
+
+ - name: prompt
+ type: text
+ description: User prompt text captured by the event.
+
+ - name: prompt_hash
+ type: keyword
+ description: Hash of the user prompt for deduplication and correlation.
+
+ - name: operation
+ type: keyword
+ description: Name of the AgentCore operation executed.
+
+ - name: service_name
+ type: keyword
+ description: Service handling the operation.
+
+ - name: request_payload
+ type: group
+ fields:
+ - name: actor_id
+ type: keyword
+ description: Actor initiating the request.
+
+ - name: prompt
+ type: text
+ description: Prompt extracted from payload when it is a string.
+
+ - name: request_payload_object
+ type: flattened
+ description: Request payload when it is an object, array, or map.
+
+ - name: response_payload_object
+ type: flattened
+ description: Response payload from the agent.
+
+ - name: conversation_id
+ type: keyword
+ description: Unique identifier for the conversation or session.
+
+ - name: operation_name
+ type: keyword
+ description: Name of the GenAI operation performed.
+
+ - name: provider_name
+ type: keyword
+ description: Name of the AI provider or platform.
\ No newline at end of file
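Review bot: `request_payload_object` is declared `flattened` with no length cap, while the pipeline's `truncate_large_prompts` script deletes an over-32766-character prompt only from `request_payload`; the copy made earlier by `copy_request_payload_object` still holds the same prompt as a leaf of this field. Flattened leaves are indexed as keyword terms, so an oversized prompt here would presumably hit the same term-length limit the script is working around. Consider `ignore_above` on this field and on `response_payload_object` (if the package spec accepts it for `flattened`), or have the script also remove `prompt` from the object copy. Separately, the `prompt_hash` description should state what the pipeline does, e.g. `description: SHA-1 of the user prompt, set only when the prompt exceeded the size limit and was removed.`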
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/input.yml b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/input.yml
new file mode 100644
index 00000000000..2c1d2eabfab
--- /dev/null
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/fields/input.yml
@@ -0,0 +1,10 @@
+- name: aws.cloudwatch
+ type: group
+ fields:
+ - name: message
+ type: text
+ description: |
+ CloudWatch log message.
+- name: log.offset
+ type: long
+ description: Log offset
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/manifest.yml b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/manifest.yml
new file mode 100644
index 00000000000..ca3354485da
--- /dev/null
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/manifest.yml
@@ -0,0 +1,363 @@
+title: Amazon Bedrock AgentCore runtime application logs
+dataset: aws_bedrock_agentcore.runtime_application_logs
+type: logs
+streams:
+ - input: aws-cloudwatch
+ enabled: true
+ template_path: aws-cloudwatch.yml.hbs
+ title: AWS logs via CloudWatch
+ description: Collect logs using aws-cloudwatch input.
+ vars:
+ - name: log_group_arn
+ type: text
+ title: Log Group ARN
+ multi: false
+ required: false
+ show_user: true
+ description: ARN of the log group to collect logs from.
+ - name: log_group_name
+ type: text
+ title: Log Group Name
+ multi: false
+ required: false
+ show_user: false
+ description: Name of the log group to collect logs from. `region_name` is required when `log_group_name` is given.
+ - name: log_group_name_prefix
+ type: text
+ title: Log Group Name Prefix
+ multi: false
+ required: false
+ show_user: false
+ description: The prefix for a group of log group names. `region_name` is required when `log_group_name_prefix` is given. `log_group_name` and `log_group_name_prefix` cannot be given at the same time.
+ - name: include_linked_accounts_with_prefix
+ type: bool
+ title: Include Linked Accounts with prefix
+ multi: false
+ required: false
+ show_user: false
+ description: Include log groups from linked accounts when using `log_group_name_prefix` to derive the monitoring log groups.
+ - name: region_name
+ type: text
+ title: Region Name
+ multi: false
+ required: false
+ show_user: false
+ description: Region that the specified log group or log group prefix belongs to.
+ - name: number_of_workers
+ type: integer
+ title: Number of Workers
+ default: 1
+ required: false
+ show_user: false
+ description: The number of workers assigned to read from log groups. Each worker will read log events from one of the log groups matching `log_group_name_prefix`. For example, if `log_group_name_prefix` matches five log groups, then `number_of_workers` should be set to `5`. The default value is `1`.
+ - name: log_streams
+ type: text
+ title: Log Streams
+ multi: true
+ required: false
+ show_user: false
+ description: A list of strings of log streams names that Filebeat collect log events from.
+ - name: log_stream_prefix
+ type: text
+ title: Log Stream Prefix
+ multi: false
+ required: false
+ show_user: false
+ description: A string to filter the results to include only log events from log streams that have names starting with this prefix.
+ - name: start_position
+ type: text
+ title: Start Position
+ multi: false
+ required: false
+ default: beginning
+ show_user: true
+ description: Specify whether the input should start reading logs from the `beginning` (oldest log entry), `end` (newest log entry), or `lastSync` (last successful read timestamp if input ran before).
+ - name: scan_frequency
+ type: text
+ title: Scan Frequency
+ multi: false
+ required: false
+ show_user: false
+ default: 1m
+ description: This config parameter sets how often Filebeat checks for new log events from the specified log group.
+ - name: api_timeput
+ type: text
+ title: API Timeout
+ multi: false
+ required: false
+ show_user: false
+ default: 120s
+ description: The maximum duration of AWS API can take. If it exceeds the timeout, AWS API will be interrupted.
+ - name: api_sleep
+ type: text
+ title: API Sleep
+ multi: false
+ required: false
+ show_user: false
+ default: 200ms
+ description: This is used to sleep between AWS FilterLogEvents API calls inside the same collection period. `FilterLogEvents` API has a quota of 5 transactions per second (TPS)/account/Region. This value should only be adjusted when there are multiple Filebeats or multiple Filebeat inputs collecting logs from the same region and AWS account.
+ - name: latency
+ type: text
+ title: Latency
+ multi: false
+ required: false
+ show_user: false
+ description: "The amount of time required for the logs to be available to CloudWatch Logs. Sample values, `1m` or `5m` — see Golang [time.ParseDuration](https://pkg.go.dev/time#ParseDuration) for more details. Latency translates the query's time range to consider the CloudWatch Logs latency. Example: `5m` means that the integration will query CloudWatch to search for logs available 5 minutes ago."
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - forwarded
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: >
+ Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+
+ - name: preserve_original_event
+ required: true
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`
+ type: bool
+ multi: false
+ default: false
+ - name: preserve_duplicate_custom_fields
+ required: false
+ show_user: false
+ title: Preserve duplicate custom fields
+ description: Preserve Bedrock fields that were copied to Elastic Common Schema (ECS) fields.
+ type: bool
+ multi: false
+ default: false
+ - input: aws-s3
+ enabled: false
+ template_path: aws-s3.yml.hbs
+ title: AWS logs from S3
+ description: Collect logs using aws-s3 input with or without SQS notification
+ vars:
+ - name: api_timeout
+ type: text
+ title: API Timeout
+ multi: false
+ required: false
+ show_user: false
+ description: The maximum duration of AWS API can take. The maximum is half of the visibility timeout value.
+ - name: bucket_arn
+ type: text
+ title: Bucket ARN
+ multi: false
+ required: false
+ show_user: true
+ description: ARN of the AWS S3 bucket that will be polled for list operation. (Required when `queue_url`, `access_point_arn` and `non_aws_bucket_name` are not set).
+ - name: access_point_arn
+ type: text
+ title: Access Point ARN
+ multi: false
+ required: false
+ show_user: true
+ description: ARN of the AWS S3 Access Point that will be polled for list operation. (This is an alternative to the Bucket ARN, and required when `queue_url`, `bucket_arn` or `non_aws_bucket_name` are not set).
+ - name: number_of_workers
+ type: integer
+ title: "[S3/SQS] Number of Workers"
+ multi: false
+ required: false
+ show_user: true
+ default: 1
+ description: Number of workers that will process the S3 objects listed.
+ - name: start_timestamp
+ type: text
+ title: "Start Timestamp"
+ multi: false
+ required: false
+ show_user: false
+ description: If set, only read S3 objects with last modified timestamp newer than the given timestamp. Accepts a timestamp in `YYYY-MM-DDTHH:MM:SSZ` format. For example, "2020-10-10T10:30:00Z" (UTC) or "2020-10-10T10:30:00Z+02:30" (with zone offset).
+ - name: ignore_older
+ type: text
+ title: "Ignore Older Timespan"
+ multi: false
+ required: false
+ show_user: false
+ description: If set, ignore S3 objects whose Last-Modified time is before the ignore older timespan. Timespan is checked from the current time to S3 object's Last-Modified time. Accepts a duration like `48h`, `2h30m`.
+ - name: bucket_list_interval
+ type: text
+ title: Bucket List Interval
+ multi: false
+ required: false
+ show_user: false
+ default: 120s
+ description: Time interval for polling listing of the S3 bucket.
+ - name: bucket_list_prefix
+ type: text
+ title: Bucket List Prefix
+ multi: false
+ required: false
+ show_user: false
+ description: Prefix to apply for the list request to the S3 bucket.
+ - name: buffer_size
+ type: text
+ title: Buffer Size
+ multi: false
+ required: false
+ show_user: false
+ description: The size in bytes of the buffer that each harvester uses when fetching a file. This only applies to non-JSON logs.
+ - name: content_type
+ type: text
+ title: Content Type
+ multi: false
+ required: false
+ show_user: false
+ description: >
+ A standard MIME type describing the format of the object data. This can be set to override the MIME type that was given to the object when it was uploaded. For example application/json.
+
+ - name: encoding
+ type: text
+ title: Encoding
+ multi: false
+ required: false
+ show_user: false
+ description: The file encoding to use for reading data that contains international characters. This only applies to non-JSON logs.
+ - name: expand_event_list_from_field
+ type: text
+ title: Expand Event List from Field
+ multi: false
+ required: false
+ show_user: false
+ description: >
+ If the fileset using this input expects to receive multiple messages bundled under a specific field then the config option expand_event_list_from_field value can be assigned the name of the field. This setting will be able to split the messages under the group value into separate events. For example, CloudTrail logs are in JSON format and events are found under the JSON object "Records".
+
+ - name: file_selectors
+ type: yaml
+ title: File Selectors
+ multi: true
+ required: false
+ show_user: false
+ description: >
+ If the SQS queue will have events that correspond to files that this integration shouldn’t process file_selectors can be used to limit the files that are downloaded. This is a list of selectors which are made up of regex and expand_event_list_from_field options. The regex should match the S3 object key in the SQS message, and the optional expand_event_list_from_field is the same as the global setting. If file_selectors is given, then any global expand_event_list_from_field value is ignored in favor of the ones specified in the file_selectors. Regex syntax is the same as the Go language. Files that don’t match one of the regexes won’t be processed. content_type, parsers, include_s3_metadata,max_bytes, buffer_size, and encoding may also be set for each file selector.
+
+ - name: fips_enabled
+ type: bool
+ title: Enable S3 FIPS
+ default: false
+ multi: false
+ required: false
+ show_user: false
+ description: Enabling this option changes the service name from `s3` to `s3-fips` for connecting to the correct service endpoint.
+ - name: include_s3_metadata
+ type: text
+ title: Include S3 Metadata
+ multi: true
+ required: false
+ show_user: false
+ description: >
+ This input can include S3 object metadata in the generated events for use in follow-on processing. You must specify the list of keys to include. By default none are included. If the key exists in the S3 response then it will be included in the event as aws.s3.metadata. where the key name as been normalized to all lowercase.
+
+ - name: max_bytes
+ type: text
+ title: Max Bytes
+ default: 10MiB
+ multi: false
+ required: false
+ show_user: false
+ description: The maximum number of bytes that a single log message can have. All bytes after max_bytes are discarded and not sent. This setting is especially useful for multiline log messages, which can get large. This only applies to non-JSON logs.
+ - name: max_number_of_messages
+ type: integer
+ title: Maximum Concurrent SQS Messages
+ description: Deprecated in agent version 8.16.0, this parameter is ignored if present, use number_of_workers instead. The maximum number of SQS messages that can be inflight at any time.
+ default: 5
+ required: false
+ show_user: false
+ - name: non_aws_bucket_name
+ type: text
+ title: Non AWS Bucket Name
+ multi: false
+ required: false
+ show_user: false
+ description: Name of the S3 bucket that will be polled for list operation. Required for 3rd party S3 compatible services. (Required when `queue_url`, `bucket_arn` or `access_point_arn` are not set).
+ - name: path_style
+ type: text
+ title: Path Style
+ multi: false
+ required: false
+ show_user: false
+ description: >
+ Enabling this option sets the bucket name as a path in the API call instead of a subdomain. When enabled https://.s3...com becomes https://s3...com/. This is only supported with 3rd party S3 providers. AWS does not support path style.
+
+ - name: provider
+ type: text
+ title: Provider Name
+ multi: false
+ required: false
+ show_user: false
+ description: Name of the 3rd party S3 bucket provider like backblaze or GCP.
+ - name: queue_url
+ type: text
+ title: Queue URL
+ multi: false
+ required: false
+ show_user: true
+ description: URL of the AWS SQS queue that messages will be received from.
+ - name: sqs.max_receive_count
+ type: integer
+ title: SQS Message Maximum Receive Count
+ multi: false
+ required: false
+ show_user: false
+ default: 5
+ description: The maximum number of times a SQS message should be received (retried) before deleting it. This feature prevents poison-pill messages (messages that can be received but can’t be processed) from consuming resources.
+ - name: sqs.wait_time
+ type: text
+ title: SQS Maximum Wait Time
+ multi: false
+ required: false
+ show_user: false
+ default: 20s
+ description: >
+ The maximum duration that an SQS `ReceiveMessage` call should wait for a message to arrive in the queue before returning. The maximum value is `20s`.
+
+ - name: visibility_timeout
+ type: text
+ title: Visibility Timeout
+ multi: false
+ required: false
+ show_user: false
+ description: The duration that the received messages are hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage request. The maximum is 12 hours.
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - forwarded
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: >
+ Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+
+ - name: preserve_original_event
+ required: true
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`
+ type: bool
+ multi: false
+ default: false
+ - name: preserve_duplicate_custom_fields
+ required: false
+ show_user: false
+ title: Preserve duplicate custom fields
+ description: Preserve Bedrock fields that were copied to Elastic Common Schema (ECS) fields.
+ type: bool
+ multi: false
+ default: false
diff --git a/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/sample_event.json b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/sample_event.json
new file mode 100644
index 00000000000..20177566d96
--- /dev/null
+++ b/packages/aws_bedrock_agentcore/data_stream/runtime_application_logs/sample_event.json
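Review bot: The aws-cloudwatch stream declares its timeout variable as `api_timeput`, but `aws-cloudwatch.yml.hbs` tests `{{#if api_timeout}}`. Unless a variable named `api_timeout` is supplied from outside this diff, the value entered under "API Timeout" (default `120s`) is never rendered into the input configuration, and the input runs with whatever timeout it defaults to. Rename the variable so the two agree: `- name: api_timeout`.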
@@ -0,0 +1,82 @@ +{ + "agent": { + "name": "docker-fleet-agent", + "id": "8f26c9ae-e204-484b-aef5-38a8988e0a62", + "type": "filebeat", + "ephemeral_id": "d5a1fd3e-1411-4730-8b9a-e237d8000186", + "version": "8.19.0" + }, + "log": { + "file": { + "path": "arn:aws:logs:us-east-1:627286350132:log-group:/aws/vendedlogs/bedrock-agentcore/runtime/APPLICATION_LOGS/claudeserver-CdBoW2FLP0/BedrockAgentCoreRuntime_ApplicationLogs" + } + }, + "elastic_agent": { + "id": "8f26c9ae-e204-484b-aef5-38a8988e0a62", + "version": "8.19.0", + "snapshot": false + }, + "tags": [ + "forwarded" + ], + "cloud": { + "provider": "aws", + "service": { + "name": "bedrock-agentcore" + }, + "region": "us-east-1", + "account": { + "id": "627286350134" + } + }, + "input": { + "type": "aws-cloudwatch" + }, + "trace": { + "id": "6909cc3835755ae933e4c5fc38d249a2" + }, + "@timestamp": "2025-11-04T09:49:45.198Z", + "ecs": { + "version": "8.11.0" + }, + "data_stream": { + "namespace": "default", + "type": "logs", + "dataset": "aws_bedrock_agentcore.runtime_application_logs" + }, + "service": { + "name": "customersupport.DEFAULT" + }, + "event": { + "agent_id_status": "verified", + "ingested": "2025-11-17T12:27:05Z", + "id": "39299483435865920498526836744670895669942873429125169152", + "dataset": "aws_bedrock_agentcore.runtime_application_logs", + "outcome": "success" + }, + "aws": { + "bedrock_agentcore": { + "conversation_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "operation_name": "invoke_agent", + "provider_name": "aws_bedrock_agentcore", + "agent_name": "customersupport", + "endpoint_name": "DEFAULT", + "request_payload": { + "actor_id": "DEFAULT", + "prompt": "Summarize my previous conversation" + }, + "operation": "InvokeAgentRuntime", + "request_id": "083603b2-7b75-46ba-bf61-45c562764b68", + "resource_arn": "arn:aws:bedrock-agentcore:us-east-1:627286350133:runtime/customersupport-3OutfrDDJ3", + "service_name": "AgentCoreCodeRuntime", + "session_id": "76d5c1a5-df2d-4299-b536-9f0302e344cb", + 
"severity_number": 9 + } + }, + "log": { + "level": "INFO" + }, + "span": { + "id": "015d756c7d9bf372" + } +} \ No newline at end of file diff --git a/packages/aws_bedrock_agentcore/docs/README.md b/packages/aws_bedrock_agentcore/docs/README.md index 2127b288ddd..ebcb6db230e 100644 --- a/packages/aws_bedrock_agentcore/docs/README.md +++ b/packages/aws_bedrock_agentcore/docs/README.md @@ -35,6 +35,17 @@ For more details about these requirements, check the [AWS integration documentat * You can install only one Elastic Agent per host. * Elastic Agent is required to collect metrics from CloudWatch and ship the data to Elastic, where the events will then be processed through the integration's ingest pipelines. +### How to find the `log_group_arn` (for log-based datasets) + +Some datasets in this integration require the ARN of the CloudWatch log group where your AgentCore logs are stored. You can find it by: + +- Opening CloudWatch in the AWS Console +- Going to Logs > Log groups +- Selecting the log group used by your AgentCore deployment +- Copying the Log group ARN shown + +You can then use this ARN when configuring any log-based dataset. + ## Setup To use the Amazon Bedrock AgentCore metrics, ensure your agents are deployed and running. The integration will automatically collect metrics from the AWS/Bedrock-AgentCore CloudWatch namespace. For enhanced observability, enable detailed monitoring and logging for your AgentCore resources. 
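Review bot: The sample event contains two top-level `log` objects, one holding `file.path` and a later one holding `level`; JSON parsers typically keep only the last duplicate, so `log.file.path` disappears when this file is loaded. Merge them into a single object, `"log": { "file": { "path": "…" }, "level": "INFO" }`. The account IDs in `log.file.path`, `cloud.account.id` and `resource_arn` also differ from one another by a digit, which suggests the file was edited by hand; regenerating it from the system test would keep it consistent with what the pipeline emits. The same JSON is embedded in `docs/README.md`.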
@@ -265,3 +276,134 @@ The following alert rule templates are available: + + +## Logs + +### Runtime Application Logs + +Amazon Bedrock AgentCore runtime application logs provide detailed insights into agent execution, decision-making processes, and operational events. The integration collects comprehensive log data from your intelligent agents to help you understand agent behavior and troubleshoot issues. + +For more details about enabling logs for AgentCore, check the [Amazon Bedrock AgentCore Observability Guide](https://docs.aws.amazon.com/bedrock-agentcore/latest/devguide/observability-view.html). + +An example event for `runtime_application` looks as following: + +```json +{ + "agent": { + "name": "docker-fleet-agent", + "id": "8f26c9ae-e204-484b-aef5-38a8988e0a62", + "type": "filebeat", + "ephemeral_id": "d5a1fd3e-1411-4730-8b9a-e237d8000186", + "version": "8.19.0" + }, + "log": { + "file": { + "path": "arn:aws:logs:us-east-1:627286350132:log-group:/aws/vendedlogs/bedrock-agentcore/runtime/APPLICATION_LOGS/claudeserver-CdBoW2FLP0/BedrockAgentCoreRuntime_ApplicationLogs" + } + }, + "elastic_agent": { + "id": "8f26c9ae-e204-484b-aef5-38a8988e0a62", + "version": "8.19.0", + "snapshot": false + }, + "tags": [ + "forwarded" + ], + "cloud": { + "provider": "aws", + "service": { + "name": "bedrock-agentcore" + }, + "region": "us-east-1", + "account": { + "id": "627286350134" + } + }, + "input": { + "type": "aws-cloudwatch" + }, + "trace": { + "id": "6909cc3835755ae933e4c5fc38d249a2" + }, + "@timestamp": "2025-11-04T09:49:45.198Z", + "ecs": { + "version": "8.11.0" + }, + "data_stream": { + "namespace": "default", + "type": "logs", + "dataset": "aws_bedrock_agentcore.runtime_application_logs" + }, + "service": { + "name": "customersupport.DEFAULT" + }, + "event": { + "agent_id_status": "verified", + "ingested": "2025-11-17T12:27:05Z", + "id": "39299483435865920498526836744670895669942873429125169152", + "dataset": "aws_bedrock_agentcore.runtime_application_logs", + 
"outcome": "success" + }, + "aws": { + "bedrock_agentcore": { + "conversation_id": "76d5c1a5-df2d-4299-b536-9f0302e344ab", + "operation_name": "invoke_agent", + "provider_name": "aws_bedrock_agentcore", + "agent_name": "customersupport", + "endpoint_name": "DEFAULT", + "request_payload": { + "actor_id": "DEFAULT", + "prompt": "Summarize my previous conversation" + }, + "operation": "InvokeAgentRuntime", + "request_id": "083603b2-7b75-46ba-bf61-45c562764b68", + "resource_arn": "arn:aws:bedrock-agentcore:us-east-1:627286350133:runtime/customersupport-3OutfrDDJ3", + "service_name": "AgentCoreCodeRuntime", + "session_id": "76d5c1a5-df2d-4299-b536-9f0302e344cb", + "severity_number": 9 + } + }, + "log": { + "level": "INFO" + }, + "span": { + "id": "015d756c7d9bf372" + } +} +``` +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| aws.bedrock_agentcore.agent_name | The name of the Bedrock agent. | keyword | +| aws.bedrock_agentcore.conversation_id | Unique identifier for the conversation or session. | keyword | +| aws.bedrock_agentcore.endpoint_name | The endpoint identifier. | keyword | +| aws.bedrock_agentcore.operation | Name of the AgentCore operation executed. | keyword | +| aws.bedrock_agentcore.operation_name | Name of the GenAI operation performed. | keyword | +| aws.bedrock_agentcore.prompt | User prompt text captured by the event. | text | +| aws.bedrock_agentcore.prompt_hash | Hash of the user prompt for deduplication and correlation. | keyword | +| aws.bedrock_agentcore.provider_name | Name of the AI provider or platform. | keyword | +| aws.bedrock_agentcore.request_id | ID of the processed request. 
| keyword | +| aws.bedrock_agentcore.request_payload.actor_id | Actor initiating the request. | keyword | +| aws.bedrock_agentcore.request_payload.prompt | Prompt extracted from payload when it is a string. | text | +| aws.bedrock_agentcore.request_payload_object | Request payload when it is an object, array, or map. | flattened | +| aws.bedrock_agentcore.resource_arn | Amazon Resource Name (ARN) of the AgentCore runtime resource. | keyword | +| aws.bedrock_agentcore.response_payload_object | Response payload from the agent. | flattened | +| aws.bedrock_agentcore.service_name | Service handling the operation. | keyword | +| aws.bedrock_agentcore.session_id | Unique identifier for the AgentCore runtime session. | keyword | +| aws.bedrock_agentcore.severity_number | Numeric severity level associated with the event. | integer | +| aws.cloudwatch.message | CloudWatch log message. | text | +| cloud.image.id | Image ID for the cloud instance. | keyword | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. 
Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| event.dataset | Event dataset | constant_keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. | constant_keyword | +| host.containerized | If the host is a container. | boolean | +| host.os.build | OS build information. | keyword | +| host.os.codename | OS codename, if any. | keyword | +| input.type | Type of Filebeat input. | keyword | +| log.offset | Log offset | long | + diff --git a/packages/aws_bedrock_agentcore/manifest.yml b/packages/aws_bedrock_agentcore/manifest.yml index 82b01c02ef9..4d68e8f8c35 100644 --- a/packages/aws_bedrock_agentcore/manifest.yml +++ b/packages/aws_bedrock_agentcore/manifest.yml @@ -1,10 +1,10 @@ format_version: 3.4.0 name: aws_bedrock_agentcore title: "Amazon Bedrock AgentCore" -version: 0.4.0 +version: 0.5.0 source: license: "Elastic-2.0" -description: "Collect Amazon Bedrock AgentCore's Agent runtime, Gateway, Identity, Memory, Browser Tools and Code Interpreter metrics using Elastic Agent" +description: "Collect Amazon Bedrock AgentCore's Agent runtime, Gateway, Identity, Memory, Browser Tools and Code Interpreter metrics and logs using Elastic Agent" type: integration categories: - aws 
@@ -53,6 +53,12 @@ policy_templates: - type: aws/metrics title: Collect Amazon Bedrock AgentCore metrics description: Collect Amazon Bedrock AgentCore metrics using AWS CloudWatch. + - type: aws-cloudwatch + title: Collect Amazon Bedrock AgentCore logs from CloudWatch + description: Collect Amazon Bedrock AgentCore logs using AWS CloudWatch. + - type: aws-s3 + title: Collect Amazon Bedrock AgentCore logs from S3 + description: Collect Amazon Bedrock AgentCore logs from S3 with Elastic Agent. vars: - name: shared_credential_file type: text @@ -119,4 +125,4 @@ vars: description: URL to proxy connections in the form of http\[s\]://:@: owner: github: elastic/obs-infraobs-integrations - type: elastic + type: elastic \ No newline at end of file
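Review bot: The `aws-s3` input added to `policy_templates` has no matching setup guidance in the README hunks of this commit, which only explain how to find `log_group_arn` for the CloudWatch path. Neither new input's IAM needs are stated in the lines shown, and these logs carry user prompt text (`aws.bedrock_agentcore.request_payload.prompt`), so the credentials should be scoped to the one log group or bucket rather than reusing a broad metrics role. I would add a short README paragraph along the lines of `The CloudWatch input needs logs:DescribeLogGroups and logs:FilterLogEvents on the AgentCore log group; the S3 input needs s3:GetObject on the bucket plus sqs:ReceiveMessage, sqs:ChangeMessageVisibility and sqs:DeleteMessage when SQS notifications are used.` The requirements section of the README lies outside the hunks, so it may already cover part of this. The `policy_templates` block itself starts and ends outside this hunk.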