IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Automatic routing
Elastic Serverless Forwarder supports automatic routing of the following logs to the corresponding default integration data stream:
- AWS CloudTrail (aws.cloudtrail)
- Amazon CloudWatch (aws.cloudwatch_logs)
- Elastic Load Balancing (aws.elb_logs)
- AWS Network Firewall (aws.firewall_logs)
- Amazon VPC Flow (aws.vpcflow)
- AWS Web Application Firewall (aws.waf)
For these use cases, setting the es_datastream_name field in the configuration file is optional.
For most other use cases, you will need to set the es_datastream_name field in the configuration file to route the data to a specific data stream or index. This value should be set in the following use cases:
- You want to write the data to a specific index, alias, or custom data stream, and not to the default integration data stream. This can help some users to use existing Elasticsearch assets like index templates, ingest pipelines, or dashboards, that are already set up and connected to business processes.
- When using Kinesis Data Stream, CloudWatch Logs subscription filter or Direct SQS message payload inputs. Only the S3 SQS Event Notifications input method supports automatic routing to default integration data streams for several AWS service logs.
- When using S3 SQS Event Notifications but where the log type is something other than AWS CloudTrail (aws.cloudtrail), Amazon CloudWatch Logs (aws.cloudwatch_logs), Elastic Load Balancing (aws.elb_logs), AWS Network Firewall (aws.firewall_logs), Amazon VPC Flow (aws.vpcflow), and AWS Web Application Firewall (aws.waf).
If the es_datastream_name is not specified, and the log cannot be matched with any of the above AWS services, then the dataset will be set to generic and the namespace set to default, pointing to the data stream name logs-generic-default.
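The routing rules above can be checked against a configuration before deployment, so that CloudTrail or VPC Flow events do not end up in logs-generic-default unnoticed. The following is an added example, not code from the forwarder or from this documentation; the input type strings ("s3-sqs", "kinesis-data-stream", "cloudwatch-logs"), the inputs/outputs/args layout, and the EXPECTED mapping are assumptions, and the sample configuration is constructed.

```python
# Added example. Input "type" strings and the config layout are assumptions.
AUTO_ROUTED = {"aws.cloudtrail", "aws.cloudwatch_logs", "aws.elb_logs",
               "aws.firewall_logs", "aws.vpcflow", "aws.waf"}
FALLBACK = "logs-generic-default"

def resolve_data_stream(input_type, dataset=None, es_datastream_name=""):
    """Return (target, reason) for one input/output pair, per the rules above."""
    if es_datastream_name:                      # explicit setting always wins
        return es_datastream_name, "explicit"
    if input_type == "s3-sqs" and dataset in AUTO_ROUTED:
        return f"logs-{dataset}-default", "automatic"
    return FALLBACK, "fallback"                 # generic dataset, default namespace

def audit(config, expected):
    """Return inputs whose events would land in logs-generic-default.

    expected maps an input id to the log type the operator believes it carries
    (hypothetical helper data, not something the forwarder reads)."""
    findings = []
    for inp in config["inputs"]:
        for out in inp.get("outputs", []):
            name = out.get("args", {}).get("es_datastream_name", "")
            target, reason = resolve_data_stream(inp["type"], expected.get(inp["id"]), name)
            if reason == "fallback":
                findings.append((inp["id"], inp["type"], target))
    return findings

# Constructed sample configuration (ids are made-up labels, not real ARNs).
SAMPLE_CONFIG = {"inputs": [
    {"type": "s3-sqs", "id": "cloudtrail-queue",
     "outputs": [{"type": "elasticsearch", "args": {}}]},
    {"type": "kinesis-data-stream", "id": "vpcflow-stream",
     "outputs": [{"type": "elasticsearch", "args": {}}]},
    {"type": "s3-sqs", "id": "app-logs-queue",
     "outputs": [{"type": "elasticsearch", "args": {}}]},
    {"type": "cloudwatch-logs", "id": "waf-log-group",
     "outputs": [{"type": "elasticsearch",
                  "args": {"es_datastream_name": "logs-aws.waf-prod"}}]},
]}
EXPECTED = {"cloudtrail-queue": "aws.cloudtrail", "vpcflow-stream": "aws.vpcflow",
            "waf-log-group": "aws.waf"}

if __name__ == "__main__":
    for input_id, input_type, target in audit(SAMPLE_CONFIG, EXPECTED):
        print(f"{input_id} ({input_type}): no es_datastream_name, lands in {target}")
```

Here the Kinesis input carrying VPC Flow logs and the S3 SQS input carrying unrecognised application logs are both reported, while the CloudTrail queue is routed automatically and the CloudWatch Logs input uses its explicit name.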