AWS Solutions Library

Centralized Logging with OpenSearch

Build a centralized log analytics platform with Amazon OpenSearch Service on AWS in 20 minutes

Overview

Centralized Logging with OpenSearch helps organizations collect, ingest, and visualize log data from various sources using Amazon OpenSearch Service. This solution provides a web-based console, which you can use to create log ingestion pipelines with a few clicks. Log ingestion pipelines include log collection agent deployment, log enrichment without writing codes, buffer layer creation, and OpenSearch index configuration. After logs are stored in OpenSearch Service, the solution automatically generates out-of-the-box dashboards for analyzing AWS service logs and application logs in different formats (for example, Nginx, JSON, and Spring Boot). In combination with other AWS services, this solution provides you with a turnkey platform to begin logging and monitoring your AWS environment and applications.

Benefits

Ease of use

You can easily deploy the solution in your AWS account and use a web console to ingest both application logs and AWS service logs. You can quickly analyze logs with out-of-the-box visualization dashboards.

Improved operational efficiency

The solution combines serverless technologies with built-in high availability and a pay-for-use billing model. The architecture reduces the need for infrastructure management, allowing you to focus more on building log analytics for your business.

Open source and customization

The solution is open sourced and free for commercial usage. You pay only for the AWS usage. If you have different use cases, you can take the source code as a reference to make your own implementation.

Technical details

The diagram below presents the architecture you can automatically deploy using the solution's implementation guide and accompanying Amazon CloudFormation template.

Centralized Logging with OpenSearch | Architecture Diagram

Step 1
Amazon CloudFront distributes the frontend web UI assets hosted in an Amazon Simple Storage Service (Amazon S3) bucket.

Step 2
Amazon Cognito user pool or OpenID Connector (OIDC) can be used for authentication.

Step 3
AWS AppSync provides the backend GraphQL APIs.

Step 4
Amazon DynamoDB stores the solution-related information as a backend database.

Step 5
AWS Lambda interacts with other AWS services to process core logic of managing log pipelines or log agents and obtains information updated in DynamoDB tables.

Step 6
AWS Step Functions orchestrates on-demand AWS CloudFormation deployment of a set of predefined stacks for log pipeline management. The log pipeline stacks deploy separate AWS resources and are used to collect and process logs and ingest them into Amazon OpenSearch Service for further analysis and visualization.

Step 7
Service Log Pipeline or Application Log Pipeline are provisioned on demand via the Centralized Logging with OpenSearch console.

Step 8
AWS Systems Manager and Amazon EventBridge manage log agents for collecting logs from application servers, such as installing log agents (Fluent Bit) for application servers and monitoring the health status of the agents.

Step 9
Amazon EC2 or Amazon EKS installs Fluent Bit agents and uploads log data to the application log pipeline.

Step 10
Application log pipelines read, parse, and process application logs and ingest them into Amazon OpenSearch Service domains.

Step 11
Service log pipelines read, parse, and process AWS service logs and ingest them into Amazon OpenSearch Service domains.