We're launching a new cybersecurity venture! Learn more about Snowbit >

AWS Load Balancer AWS Load Balancer

Last Updated: Mar. 30, 2022

Coralogix allows an easy way to collect your AWS load balancer (ELB, ALB, NLB) logs while decrypting them and using their original timestamp without you having to install anything on your environment, but simply deploying a Lambda. 

AWS Load Balancer logs are written by AWS to S3, in order to ship them into Coralogix and enjoy our queries, alerts, visualizations, and ML capabilities, you should read the log data bucket using our proprietary Lambda.


Make sure you add the following environment variables when using this lambda:

If your account URL ends with ‘.in’, add the following environment variable:


1. Create an “author from scratch” Node.js 10.x runtime lambda with an S3 read permissions 

author from scratch

2. At “Code entry type” choose “Upload a ZIP file” and upload “s3ToCoralogixELB.zip


function code

3. Add the mandatory environment variables: private_key, app_name, sub_name

env vars for coralogix S3 lambda

4. Choose the S3 bucket you want to get triggered by and change the event type from “PUT” to “Object Created(All)”

S3 bucket for coralogix

5. Multiline pattern: Coralogix supports multiline pattern by default, you can define a custom pattern with an environment variables, for example: newline_pattern [\s(?={)|(?<=})\s,\s(?={)|(?<=})\s\]. 

custom multiline in S3

6. Increase Memory to 1024mb and Timeout to 30 sec.

Lambda config cw logs

7. Click ‘Save’

You’re all set! Your AWS load balancer log data should now be streaming to Coralogix.

Please take a look at our “How to get the most out of your ELB logs” to learn more about ELB logs in general, how to parse them into JSON and find examples of useful visualizations and alerts that are based on these logs.. 

Need help? ping us on our in-app chat for our world-class tech support or send an email to [email protected] 

On this page