Send CloudWatch Logs directly to AWS Elasticsearch (without plugin)


I was wondering if it’s possible to send the CloudWatch Logs directly to AWS Elasticsearch, without the plugin?

What are the advantages and disadvantages of using the plugin for importing the logs in AWS Elasticsearch?


You could probably build something with AWS Lambda, but that has nothing to do with Graylog.

The advantage of using the Graylog AWS plugin is that Graylog will be able to pre-process (filter, mutate) the messages and that Graylog will be able to read the messages after indexing.


You can stream it directly from CloudWatch to Amazon Elasticsearch, or use Lambda or Amazon Kinesis Data Firehose if pre-processing is required. As I understand it, the Graylog plugin can do the same.

If the messages are streamed directly to AWS Elasticsearch, will Graylog have the same functionality, or is Graylog doing some extra steps during import? In other words, is it required to use Graylog for the import to AWS Elasticsearch?


Yes, unless you want to reimplement lots of the indexing logic from Graylog by other means in AWS.
