Are there any best practices for sending logs from ECS on EC2, ECS on Fargate and other AWS services such as API GW, load balancers (and more AWS services) to Splunk?
A customer wants to get various flavors of logs from ECS on EC2, ECS on Fargate, API GW logs, load balancer logs, (and potentially RDS Aurora) to Splunk endpoint
Following have already been referenced to the customer Splunk white paper: https://www.splunk.com/pdfs/white-papers/getting-data-into-gdi-splunk-from-aws.pdf And a couple of these blog posts https://www.splunk.com/en_us/blog/it/splunking-aws-ecs-part-2-sending-ecs-logs-to-splunk.html https://www.splunk.com/en_us/blog/it/splunking-aws-ecs-and-fargate-part-3-sending-fargate-logs-to-splunk.html The challenge is which approach to use as we they ECS Fargate and ECS on EC2 along with other AWS services for which they want to centralize their logs. Currently they are considering separate lambda functions for ECS, lambda for LBs etc. to pull logs from cloudwatch and push them to Splunk endpoint. Trying to seek suggestions on what could be the best practices.
- Newest
- Most votes
- Most comments
For ECS, you could use the Splunk log driver for ECS as described in https://aws.amazon.com/premiumsupport/knowledge-center/ecs-task-fargate-splunk-log-driver/
Relevant content
- asked a year ago
- Accepted Answerasked a year ago
AWS OFFICIALUpdated 4 years ago- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 9 months ago
