Centralized Logging on AWS
Appendix B: Adding Custom CloudWatch Logs

The centralized logging solution enables you to add custom Amazon CloudWatch log sources and log groups to the solution’s Amazon Elasticsearch Service (Amazon ES) domain. Use the following procedure to add custom log sources and groups.

  1. Navigate to the Amazon CloudWatch console and select Logs.

  2. Choose the applicable Log Group.

  3. In the Actions drop-down menu, choose Stream to AWS Lambda.

  4. In the Lambda Function drop-down menu, select LogStreamer. Then, choose Next.

  5. In the Log Format drop-down menu, select the applicable log format.

  6. Under Select Log Data to Test, choose Test Pattern.

  7. Verify that the Results section shows at least one match.

  8. Choose Next. For more information, see Real-time Processing of Log Data with Subscriptions.

  9. Choose Start Streaming.

To verify that your logs are being indexed on the Amazon ES domain, navigate to the Amazon ES dashboard. Under the Indices section of the dashboard, check Mappings for indexed fields from the sample logs.
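The console procedure above can also be scripted with the AWS CLI. The following is an added example, not part of the solution's own code: it grants CloudWatch Logs permission to invoke the function for one log group only, creates the subscription, and lists it back. It assumes the `aws` partition, a function deployed under the name LogStreamer in the same account and Region as the log group, and a constructed account ID and log group name.

```shell
# Added example: CLI equivalent of the console steps. Assumes the AWS CLI and
# a function named LogStreamer in this account and Region.
# DRY_RUN=1 (the default) prints each command instead of running it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    for arg in "$@"; do printf "'%s' " "$arg"; done
    printf '\n'
  else
    "$@"
  fi
}

# Usage: stream_log_group LOG_GROUP REGION ACCOUNT_ID [FILTER_PATTERN] [FUNCTION]
# An empty FILTER_PATTERN forwards every event in the log group.
stream_log_group() (
  group=$1 region=$2 account=$3 pattern=${4:-} fn=${5:-LogStreamer}

  # Reject bad input before anything is changed.
  [ -n "$group" ] && [ -n "$region" ] || { echo "log group and region required" >&2; exit 2; }
  case $account in *[!0-9]*) account= ;; esac
  [ "${#account}" -eq 12 ] || { echo "account id must be 12 digits" >&2; exit 2; }

  # Statement and filter names: keep letters, digits, '-' and '_' only.
  name="stream-$(printf '%s' "$group" | tr -c 'A-Za-z0-9_' '-')"
  src="arn:aws:logs:${region}:${account}:log-group:${group}:*"
  dst="arn:aws:lambda:${region}:${account}:function:${fn}"

  # Let CloudWatch Logs invoke the function, scoped to this one log group and
  # account so that no other log group or account can trigger it.
  run aws lambda add-permission --region "$region" --function-name "$fn" \
    --statement-id "$name" --action lambda:InvokeFunction \
    --principal logs.amazonaws.com \
    --source-arn "$src" --source-account "$account" || exit 1

  # Create the subscription that streams matching events to the function.
  run aws logs put-subscription-filter --region "$region" \
    --log-group-name "$group" --filter-name "$name" \
    --filter-pattern "$pattern" --destination-arn "$dst" || exit 1

  # Confirm the subscription is attached to the log group.
  run aws logs describe-subscription-filters --region "$region" \
    --log-group-name "$group"
)

# Constructed sample: stream_log_group /app/web/access us-east-1 111122223333
```

Review the printed commands first, then set `DRY_RUN=0` to apply them.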