Our next-gen architecture is built to help you make sense of your ever-growing data Watch a 4-min demo video!

Start Free Trial Request Demo
Back to All Docs

AWS CloudWatch Logs AWS CloudWatch Logs

Last Updated: Sep. 20, 2023

Coralogix provides an easy way to collect your CloudWatch Logs. Use AWS Serverless Application Repository for seamless integration.

Prerequisites

  • AWS user with necessary permissions to create Lambdas and IAM roles
  • AWS CloudWatch log group

Installation

STEP 1. Navigate to the application page associated with your Coralogix domain and AWS region:

STEP 2. Fill in the required parameters.

STEP 3. Click DEPLOY.

Notes:

  • Once the deployment is done the lambda will listen in on the selected CloudWatch groups.
  • You can add more groups as triggers to the same lambda after the deployment is done.
  • To do so, navigate to Configuration tab and from under ‘General configuration’ panel select Triggers. There just click on ‘Add trigger’ and select the desired source for your data.

Parameters and Descriptions

VariableDescription
ApplicationNameApplication name as it appears in your Coralogix UI
CloudWatchLogGroupNameMust contain a list of log group names separated by a comma (log-group1,log-group2,log-group3).
CoralogixRegionRegion [Europe, Europe2, India, Singapore, or US] associated with your Coralogix account domain. If you want to use a custom domain, leave this as default and write the Custom domain in the CustomDomain field.
CustomDomainCoralogix custom domain. Leave empty if you do not use a custom domain.
FunctionArchitectureFunction supports x86_64 or arm64
FunctionMemorySizeMax memory for the function itself. Default is 1024. Do not change.
FunctionTimeoutMaximum time in seconds the function may be allowed to run. Default is 300. Do not change.
NewlinePatternPattern for lines splitting. Default is (?:\r\n|\r|\n). Do not change.
PrivateKeyYour Coralogix ‘Send Your Data’ API Key
NotificationEmail [Optional] If the Lambda fails, a notification email will be sent to this address via SNS. Requires a working SNS with a validated domain.
SubsystemNameSubsystem name as it appears in your Coralogix UI
SsmEnabledSet this to True to use AWS Secrets. When enabled, it creates the secret in with the following pattern: “lambda/coralogix/<AWS_REGION>/<Cloudwatch_lambda_name>”) – optional. The field receives ‘True’ or ‘False’. Note: Both layers and Lambda need to be in the same AWS Region.

Notes:

  • Do not change the FunctionMemorySizeFunctionTimeout, and NewlinePattern parameters.
  • The application should be installed in the same AWS region as the CloudWatch log group.
  • You may use log field for Application/Subsystem names with the following syntax: $.my_log.field.

Secure PrivateKey Storage in SSM

To use AWS Secrets Manager to store your Coralogix PrivateKey, deploy Coralogix SecretLayer form AWS Serverless Repository. You are required to use the parameters below in your deployment.

Parameters and Descriptions

VariableDescription
ApplicationNameApplication name as it appears in your Coralogix UI
CustomDomainCoralogix custom domain. Leave empty if you do not use a custom domain.
CloudWatchLogGroupNameMust contain a list of log group names separated by a comma (log-group1,log-group2,log-group3).
CoralogixRegionRegion [Europe, Europe2, India, Singapore, or US] associated with your Coralogix account domain. If you want to use a custom domain, leave this as default and write the Custom domain in the CustomDomain field.
PrivateKeyYour Coralogix ‘Send Your Data’ API Key
SsmEnabledSet this to True to use AWS Secrets. When enabled, it creates the secret in with the following pattern: “lambda/coralogix/<AWS_REGION>/<Cloudwatch_lambda_name>”) – optional. The field receives ‘True’ or ‘False’. Note: Both layers and Lambda need to be in the same AWS Region.
SubsystemNameSubsystem name as it appears in your Coralogix UI
FunctionArchitectureFunction supports x86_64 or arm64
FunctionMemorySizeMax memory for the function itself. Default is 1024. Do not change.
FunctionTimeoutMaximum time in seconds the function may be allowed to run. Default is 300. Do not change.
NewlinePatternPattern for line splitting. Default is (?:\r\n|\r|\n). Do not change.
NotificationEmail[Optional] If the Lambda fails, a notification email will be sent to this address via SNS. Requires a working SNS with a validated domain.
LayerARNARN for the Coralogix SecurityLayer. Copy the ARN that was installed on the AWS account from the SSM serverless application.

Notes:

  • Do not change the FunctionMemorySizeFunctionTimeout , and NewlinePattern parameters.
  • The application should be installed in the same AWS region as the CloudWatch log group.
  • You may use log field as Application/Subsystem names with the following syntax: $.my_log.field.

Additional Resources

GithubGithub documentation

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

On this page