Ingesting data into Elasticsearch can be challenging since it involves a number of steps including collecting, converting, mapping, and loading data from different data sources to your Elasticsearch index. You have to convert the raw data into a structured data format such as JSON or CSV, clean it, and map it to target data fields. You also have to batch and buffer the data for efficient loading so that the data is available immediately for querying without overloading your cluster’s compute and networking resources.
With Amazon Elasticsearch Service, you can easily accomplish all of this, by leveraging the integrations with Amazon Kinesis Data Firehose, Logstash, Amazon CloudWatch, or AWS IoT, providing you the flexibility to select the ingestion tool that meets your use case requirements.
Data ingestion using Amazon Kinesis Data Firehose
With Amazon Kinesis Firehose, you can easily convert raw streaming data from your data sources into the formats required by your Elasticsearch index and load it to Amazon Elasticsearch Service, without having to build your own data processing pipelines.
To use this feature, simply select an AWS Lambda function from the Amazon Kinesis Firehose delivery stream configuration tab in the AWS Management Console. Amazon Kinesis Firehose will automatically apply the AWS Lambda function to every input data record and load the transformed data to your Amazon Elasticsearch index.
Amazon Kinesis Firehose provides pre-built Lambda blueprints that can be used without any change or customized for converting common data sources such as Apache logs and system logs to JSON and CSV formats. You can also configure Amazon Kinesis Firehose to automatically retry failed jobs and back up the raw streaming data. Learn more »
Data ingestion using Logstash
Amazon Elasticsearch Service supports integration with Logstash, an open-source data processing tool that collects data from sources, transforms it, and then loads it to Elasticsearch. You can easily deploy Logstash on Amazon EC2, and set up your Amazon Elasticsearch domain as the backend store for all logs coming through your Logstash implementation. Logstash supports a library of pre-built filters to easily perform common transformations such as parsing unstructured log data into structured data through pattern-matching; renaming, removing, replacing, and modifying fields in your data records; and aggregating metrics. Learn more »
Data ingestion using Amazon CloudWatch Logs
Amazon CloudWatch Logs lets you monitor and troubleshoot your systems and applications using your existing system, application, and custom log files. You can configure a CloudWatch Logs log group to stream data to your Amazon Elasticsearch Service domain in near real-time through a CloudWatch Logs subscription. This integration is convenient if you are already using CloudWatch Logs to collect log data, and would like to share that data with your Amazon Elasticsearch Service users. Learn more »
Data ingestion using AWS IoT
AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. With AWS IoT, you can capture data from connected devices such as consumer appliances, embedded sensors, and TV set-top boxes. Using the AWS Management console you can configure AWS IoT to load the data directly to Amazon Elasticsearch Service, enabling you to provide your customers near real-time access to IoT data and metrics. Learn more »
How to choose the right ingestion mechanism
Choosing the right ingestion mechanism depends on your use case requirements such as data latency and data type. For large data volumes, we recommend using Amazon Kinesis Firehose, which is fully managed, automatically scales to match the throughput of your data, and requires no ongoing administration. It can also transform, compress, and batch the data before loading it to Amazon Elasticsearch Service domain. Often, the choice also comes down to the services you are already using. For example, if you are already collecting application logs using Amazon CloudWatch Logs, you can simply load that data into your Amazon Elasticsearch Service domain without much additional effort.
- Get started on Amazon Elasticsearch Service using AWS Free Tier »
- Try this free 40-minute hands-on lab »
- Build a log analytics solution by following this step-by-step tutorial »
- Work through the Amazon Elasticsearch Service Getting Started Guide »