Cross-Region log ingestion

When you deploy Centralized Logging with OpenSearch in one Region, the solution allows you to ingest service logs from another Region.

Note

For Amazon RDS/Aurora and AWS Lambda service logs, this feature is not supported.

The Region where the service resides is referred to as "Source Region", while the Region where the Centralized Logging with OpenSearch console is deployed as "Logging Region".

For AWS CloudTrail, you can create a new trail that sends logs into a S3 bucket in the Logging Region, and you can find the CloudTrail in the list. To learn how to create a new trail, refer to Creating a trail.

For other services with logs located in S3 buckets, you can manually transfer logs (for example, using the S3 Cross-Region Replication feature) to the Logging Region S3 bucket.

You can complete the following steps to implement cross-Region log ingestion:

Set the service log location in another Region to be the Logging Region (such as AWS WAF), or automatically copy logs from the Source Region to the Logging Region using Cross-Region Replication (CRR).
In the solution console, choose AWS Service Log in the left navigation pane, and choose Create a pipeline.
In the Select an AWS Service area, choose a service in the list, and choose Next.
In Creation Method, choose Manual, then enter the resource name and Amazon S3 log location parameter, and choose Next.
Change log analytics engines and log lifecycle settings, and choose Next.
Add tags if you need, and choose Next to create the pipeline.

Then you can use the OpenSearch dashboard or Grafana to discover logs and view dashboards.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Supported AWS services

AWS CloudTrail logs