Our next-gen architecture is built to help you make sense of your ever-growing data Watch a 4-min demo video!

Back to All Integrations

Amazon Web Services (AWS) Load Balancer Amazon Web Services (AWS) Load Balancer

Last Updated: Feb. 01, 2023

The following tutorial demonstrates how to collect your AWS load balancer (ELB, ALB, NLB) logs – decrypted and with their original timestamp – and send them to Coralogix. Installation free, the process entails simply deploying a Lambda. 

AWS Load Balancer logs are written by AWS to S3, in order to ship them into Coralogix and enjoy our queries, alerts, visualizations, and ML capabilities, you should read the log data bucket using our proprietary Lambda.


  • An operating Load balancer which writes his access log to S3
  • A S3 bucket, the bucket should be clear of any triggers
  • AWS account with premissions to create Lambdas and IAM roles


  • Navigate to Coralogix Lambda creation: Here
  • Fill in the required fields
  • Check the checkbox: “I acknowledge that this app creates custom IAM roles and resource policies”
  • Deploy

Parameters and Descriptions

Application NameThe stack name of this application created via AWS CloudFormation.
If your log is JSON format, can use a Dynamic value from it.
NotificationEmailFailure notification email address (optional)
S3BucketNameThe name of the S3 bucket to watch
ApplicationNameApplication Name in Coralogix
BlockingPatternIf you wish to block some of the logs adding a substring will act as selector.
Default is empty to send all logs
BufferSizeBuffer size for logs in the lambda function
CoralogixRegionThe Coralogix location region [Europe, India, Singapore, US] Check your Coralogix account if url ends in .us its US. Region. Same for the others.
DebugCoralogix logger debug mode
FunctionArchitectureOur Function supports x86_64 or arm64
FunctionMemorySizeMax Memory for the function itself
FunctionTimeoutFunction TimeOut
NewlinePatternPattern for multiLine example: [\s(?={)|(?<=})\s,\s(?={)|(?<=})\s]
PrivateKeyYour Coralogix account ‘send your logs’ key. Can be found in DataFlow -> API Key
SamplingRateSets the sampling rate
SubsystemNameSubSystem name in Coralogix.
If your log is JSON format, can use a Dynamic value from it.
S3KeyPrefixThe S3 path prefix to watch, if you want to watch a particular subfolder within the bucket.
S3KeySuffixThe S3 path suffix to watch

You’re all set! Your AWS load balancer log data should now be streaming to Coralogix.

Please take a look at our “How to get the most out of your ELB logs” to learn more about ELB logs in general, how to parse them into JSON and find examples of useful visualizations and alerts that are based on these logs.. 

Need help? ping us on our in-app chat for our world-class tech support or send an email to [email protected] 

On this page