The Kinesis Firehose Subscription Filters are created to filter the incoming log events that are applied on the entire log group and not on per log stream basis. Unfortunately, this subscription filtering is currently restricted to per log group level. 
In order to achieve your use-case to forward log events only from a specific log stream to a destination, I suggest you using a lambda function or writing a script that runs the command get_log_events every 5 minutes. Through the Getlogevents CLI command, you can obtain the logs of a specific log stream and then push these logs to the firehose using the script. We recommend reaching out to AWS Support or your AWS point of contact for any production workloads related guidance.
Let me know if this answers your questions. Thank you for your interest in re:Post community.
Reference documents:  Real-time processing of log data with subscriptions - https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions.html  GetLogevent CLI command - https://docs.aws.amazon.com/cli/latest/reference/logs/get-log-events.html
- asked 6 months ago
- asked 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 8 months ago
- How do I stream log data from CloudWatch Logs to a cross-Region and cross-account Kinesis data stream?AWS OFFICIALUpdated 9 months ago
- EXPERTpublished 8 months ago
- A Brief Primer to Onboarding Data To a Healthcare and Life Sciences Data Mesh Leveraging AWS ServicesEXPERTpublished 7 months ago