How can we filter log streams while adding a Splunk subscription on AWS Batch logs using a CloudFormation template?


Hello, I am trying to filter some specific log streams (prefix*) while adding a Splunk subscription in my stack CFT. But I don't see any option for filtering log streams. The log group is /aws/batch/job and I don't want to replicate all Batch logs in Splunk.

Can someone please help me here?

Check out the following docs:

Hello. I tried to identify if you could do this filter in the Lambda offered as a blueprint, but I couldn't find how. Do you think you could segregate into different Log Groups? This way I would subscribe only to the log group containing logs that go to Splunk. And if you wanted to query using CW Log Insights, you could select both Log Groups.
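
An added example, not part of the thread and not the Splunk blueprint's code: CloudWatch Logs delivers each subscription batch to Lambda as a base64-encoded, gzip-compressed JSON document that carries a `logStream` field, so a forwarding function can drop unwanted streams before anything is sent to Splunk. The prefix, the stream names and the function names are assumptions, and the sample events are constructed.

```python
import base64
import gzip
import json

# Assumption: only streams whose name starts with one of these go to Splunk.
ALLOWED_STREAM_PREFIXES = ("payments-job/",)


def decode_awslogs(event):
    """Decode the base64 + gzip payload CloudWatch Logs hands to Lambda."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw))


def select_events(event, prefixes=ALLOWED_STREAM_PREFIXES):
    """Return the log events to forward; an empty list if the stream is filtered out."""
    payload = decode_awslogs(event)
    # CONTROL_MESSAGE payloads are delivery checks, not log data.
    if payload.get("messageType") != "DATA_MESSAGE":
        return []
    stream = payload.get("logStream", "")
    if not stream.startswith(tuple(prefixes)):
        return []
    return [
        {
            "logGroup": payload["logGroup"],
            "logStream": stream,
            "timestamp": e["timestamp"],
            "message": e["message"],
        }
        for e in payload.get("logEvents", [])
    ]


def make_sample_event(stream, messages, message_type="DATA_MESSAGE"):
    """Build a constructed subscription event for offline testing."""
    payload = {
        "messageType": message_type,
        "logGroup": "/aws/batch/job",
        "logStream": stream,
        "logEvents": [
            {"id": str(i), "timestamp": 1700000000000 + i, "message": m}
            for i, m in enumerate(messages)
        ],
    }
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode()))
    return {"awslogs": {"data": data.decode()}}
```

The subscription still invokes the function for every stream in the log group; this only limits what is forwarded, so the separate log group approach suggested above remains the way to avoid the invocations themselves.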

