Segregate logs in Opensearch based on accounts

0

Hello, I have implemented a central logging solution with Opensearch. There are multiple AWS accounts for different projects. All logs are sent to Single S3 and then to opensearch. How can I segregate logs (cloudtrail, vpc flow logs, ec3 logs, web server logs) based on accounts, since one project doesnt want to see another project logs.

Topics

Management & Governance Developer Tools

Tags

Amazon CloudWatch Monitoring & Logging AWS CloudTrail

Language

English

asked 2 years ago324 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

0

If you follow this process, it will work well and will save you time. We also did the same as you, but kept running into obstacles. So enjoy the process.

https://github.com/aws-samples/siem-on-amazon-opensearch-service

answered 2 years ago

Relevant content

Opensearch Serverless Logs
rePost-User-1545327
asked a year ago
CloudWatch log centralization - cross region and cross account
natte
asked a month ago
Central cloudwatch logs group for vpc flowlogs from multiple accounts
shanmukhaswamy
asked 2 years ago
Multiple Cloudtrail logs into centralized Cloudwatch log account
rePost-User-4136916
asked a year ago
How do I activate audit logs in OpenSearch Service?
AWS OFFICIALUpdated 9 months ago
How do I send AWS WAF logs to an Amazon S3 bucket in a centralized logging account?
AWS OFFICIALUpdated a year ago
How do I troubleshoot slow logs in Amazon OpenSearch Service?
AWS OFFICIALUpdated 3 years ago
How do I stream data from CloudWatch Logs to a VPC-based Amazon OpenSearch Service cluster in a different account?
AWS OFFICIALUpdated 2 years ago
How to customize audit logs in OpenSearch to see which queries were run by users?
EXPERT
Cathy W
published 2 months ago
How to view consolidated log from multiple log streams generated from an AWS Mainframe Modernization application?
EXPERT
Souma Suvra Ghosh
published 3 months ago