By using AWS re:Post, you agree to the Terms of Use

Are there any best practices for sending logs from ECS on EC2, ECS on Fargate and other AWS services such as API GW, load balancers (and more AWS services) to Splunk?

0

A customer wants to get various flavors of logs from ECS on EC2, ECS on Fargate, API GW logs, load balancer logs, (and potentially RDS Aurora) to Splunk endpoint

Following have already been referenced to the customer Splunk white paper: https://www.splunk.com/pdfs/white-papers/getting-data-into-gdi-splunk-from-aws.pdf  And a couple of these blog posts https://www.splunk.com/en_us/blog/it/splunking-aws-ecs-part-2-sending-ecs-logs-to-splunk.html https://www.splunk.com/en_us/blog/it/splunking-aws-ecs-and-fargate-part-3-sending-fargate-logs-to-splunk.html 
 The challenge is which approach to use as we they ECS Fargate and ECS on EC2 along with other AWS services for which they want to centralize their logs. Currently they are considering separate lambda functions for ECS, lambda for LBs etc. to pull logs from cloudwatch and push them to Splunk endpoint. Trying to seek suggestions on what could be the best practices.

1 Answer
0

For ECS, you could use the Splunk log driver for ECS as described in https://aws.amazon.com/premiumsupport/knowledge-center/ecs-task-fargate-splunk-log-driver/

answered 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions