CloudWatch pipelines processors

CloudWatch pipelines processors transform, parse, and enrich log data as it flows through the pipeline. A pipeline can have up to 20 processors that are applied sequentially in the order they are defined.

Processor categories
Category	Description
Parsers	Convert raw log data into structured formats, such as Open Cybersecurity Schema Framework (OCSF), CSV, JSON, and so on
Transformers	Modify log data structure; add, copy, move, or delete fields
String Processors	Manipulate string values; case conversion, trimming, substitution

Topics

Parser processors
Transformation processors
String manipulation processors
Common processor use cases
Processor compatibility and restrictions

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS service logs from CloudWatch Logs

Parser processors