Build a centralized log analytics platform with Amazon OpenSearch Service on AWS in 20 minutes
Overview
Centralized Logging with OpenSearch helps organizations collect, ingest, and visualize log data from various sources using Amazon OpenSearch Service. This AWS Solution provides a web-based console, which you can use to create log ingestion pipelines with a few clicks. Log ingestion pipelines include log collection agent deployment, log enrichment without writing codes, buffer layer creation, and OpenSearch index configuration. After logs are stored in OpenSearch Service, the solution automatically generates ready-to-use dashboards for analyzing AWS service logs and application logs in different formats (for example, Nginx, JSON, and Spring Boot). In combination with other AWS services, this solution provides you with a turnkey environment to begin logging and monitoring your AWS applications.
Benefits
Use a web console from your AWS account to ingest both application and AWS service logs, then analyze the logs with visualization dashboards.
Serverless technologies with built-in high availability and a pay-for-use billing model reduces the need for infrastructure management, allowing you to focus more on building log analytics for your business.
The solution is open sourced and free for commercial use. You pay only for the AWS usage. You can take the source code as a reference to make your own implementation that fits your needs.
Technical details
You can automatically deploy this architecture using the implementation guide and the AWS CloudFormation templates for AWS Regions or AWS China Regions.
Step 1
Amazon CloudFront distributes the frontend web user interface (UI) assets hosted in an Amazon Simple Storage Service (Amazon S3) bucket.
Step 2
Amazon Cognito user pool or OpenID Connector (OIDC) can be used for authentication.
Step 3
AWS AppSync provides the backend GraphQL APIs.
Step 4
Amazon DynamoDB stores the solution-related information as a backend database.
Step 5
AWS Lambda interacts with other AWS services to process core logic of managing log pipelines or log agents and obtains information updated in DynamoDB tables.
Step 6
AWS Step Functions orchestrates on-demand CloudFormation deployment of a set of predefined stacks for log pipeline management. The log pipeline stacks deploy separate AWS resources and are used to collect and process logs and ingest them into Amazon OpenSearch Service for further analysis and visualization.
Step 7
Service Log Pipeline or Application Log Pipeline are provisioned on demand through the Centralized Logging with OpenSearch console.
Step 8
AWS Systems Manager and Amazon EventBridge manage log agents for collecting logs from application servers, such as installing log agents (Fluent Bit) for application servers and monitoring the health status of the agents.
Step 9
Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Elastic Kubernetes Service (Amazon EKS) installs Fluent Bit agents and uploads log data to the application log pipeline.
Step 10
Application log pipelines read, parse, and process application logs and ingest them into OpenSearch Service domains or Light Engine.
Step 11
Service log pipelines read, parse, and process AWS service logs and ingest them into OpenSearch Service domains or Light Engine.
Step 1
Amazon CloudFront distributes the frontend web user interface (UI) assets hosted in an Amazon Simple Storage Service (Amazon S3) bucket.
Step 2
Amazon Cognito user pool or OpenID Connector (OIDC) can be used for authentication.
Step 3
AWS AppSync provides the backend GraphQL APIs.
Step 4
Amazon DynamoDB stores the solution-related information as a backend database.
Step 5
AWS Lambda interacts with other AWS services to process core logic of managing log pipelines or log agents and obtains information updated in DynamoDB tables.
Step 6
AWS Step Functions orchestrates on-demand CloudFormation deployment of a set of predefined stacks for log pipeline management. The log pipeline stacks deploy separate AWS resources and are used to collect and process logs and ingest them into Amazon OpenSearch Service for further analysis and visualization.
Step 7
Service Log Pipeline or Application Log Pipeline are provisioned on demand through the Centralized Logging with OpenSearch console.
Step 8
AWS Systems Manager and Amazon EventBridge manage log agents for collecting logs from application servers, such as installing log agents (Fluent Bit) for application servers and monitoring the health status of the agents.
Step 9
Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Elastic Kubernetes Service (Amazon EKS) installs Fluent Bit agents and uploads log data to the application log pipeline.
Step 10
Application log pipelines read, parse, and process application logs and ingest them into OpenSearch Service domains or Light Engine.
Step 11
Service log pipelines read, parse, and process AWS service logs and ingest them into OpenSearch Service domains or Light Engine.
Related content
This image shows a preview of the web console for Centralized Logging with OpenSearch.
This blog describes an Amazon CloudWatch capability to search, analyze, and correlate cross-account telemetry data stored in CloudWatch such as metrics, logs, and traces.
- Publish Date
Launch with an existing VPC in AWS Regions
Launch with a new VPC in AWS China Regions
Launch with an existing VPC in China Regions