ciso brief

All news with #log management tag

25 articles

CloudWatch Logs Insights adds new query capabilities

🔍 Amazon CloudWatch Logs Insights query language gains 13 new commands and functions to enhance log querying, transformation, and analysis. New features include string and numeric functions like round, startswith, endswith, case, regex_replace, and haversine, encoding/decoding functions such as urlencode, urldecode, base64encode, base64decode, and parse/analysis commands like parse logfmt, expand, and relevantfields. These additions enable prefix filtering, inline Base64 decoding, logfmt parsing, JSON array expansion, geographic distance calculation, and automatic surfacing of relevant fields across high-cardinality groups.

CloudWatch Logs Insights Adds Tag-Based Log Group Queries

🏷 CloudWatch Logs Insights now supports querying log groups by tags, allowing searches across all log groups that share key-value tags without listing them explicitly. Tags such as Environment:Production, Application:PaymentService, or Owner:TeamName let teams scope queries by environment, application, or ownership. As log group tags are added or removed, queries automatically reflect the matching log groups, reducing operational overhead as environments scale. This capability is available today in all commercial AWS Regions.

CloudWatch Logs Insights Adds JOIN and Sub-query Support

🔎 Amazon has added JOIN and sub-query commands to CloudWatch Logs Insights, enabling queries that span multiple log groups and correlate data from different sources. The new capabilities remove the need to run separate queries and manually merge results, accelerating troubleshooting and investigations. Typical uses include correlating application and infrastructure errors, analyzing security events across services, and tracking user sessions across distributed systems. The features are available today in all commercial AWS Regions.

Amazon MSK Replicator adds end-to-end replication logs

🔍 Amazon MSK Replicator now delivers replicator logs that provide end-to-end visibility into replication health. The logs surface critical replication events, client errors, and steady-state activity, and include prescriptive guidance to help operators resolve common issues more quickly. Common problems called out in log entries include insufficient permissions on source topics, partition quota exhaustion on target clusters, and records exceeding size limits. You can enable log delivery when creating or updating a Replicator via the AWS Console, AWS CLI, or AWS CloudFormation and forward logs to Amazon CloudWatch, Amazon S3, or Amazon Data Firehose.

AWS Managed Microsoft AD: Kerberos Encryption Logs

🔒 AWS Managed Microsoft AD can now forward Kerberos Encryption audit event logs (Event IDs 201–209) to Amazon CloudWatch Logs. These logs provide visibility into whether clients and services negotiate RC4 or AES encryption, helping you decide whether to upgrade clients for stronger protection or retain compatibility. Enable log forwarding from the directory's Network and Security tab in the Directory Service console. This feature is available in all AWS Regions offering the service except UAE and Bahrain.

Configuration-Driven ETL to Convert Logs to OCSF at Scale

🔍 The AWS Professional Services team provides a configuration-driven ETL accelerator that converts custom security logs into OCSF v1.1 and writes OCSF-compliant Parquet files partitioned for use with Amazon Security Lake or other data lakes. The serverless-first solution uses S3, Lambda, DynamoDB, Step Functions and either AWS Glue or EMR Serverless, and ingests mapping and metadata CSVs to drive transformations. An open-source GitHub repository includes deployment artifacts, example mappings, and instructions to validate outputs and run historical loads.

Amazon CloudWatch Pipelines Adds Conditional Processing

⚙️ Amazon CloudWatch pipelines now supports conditional processing and a new Drop Events processor, letting you apply transformations only to matching log entries. You can set processor-level 'run when' conditions or entry-level conditions across 21 processors such as Add Entries, Grok, and Rename Key. The Drop Events processor filters unwanted entries from third-party connectors to reduce noise and lower costs. These features are available at no additional charge where pipelines are generally available; standard CloudWatch Logs ingestion and storage rates still apply.

CloudWatch Logs Insights: lookup Command for Context

🔍 Amazon CloudWatch Logs Insights introduces a new lookup command that lets you enrich log query results by joining log fields with external CSV-based reference tables. Upload a CSV file via CloudWatch → Settings → Logs and reference the table in Logs Insights queries to translate opaque IDs, IPs, or internal resource identifiers into human-readable values at query time. The CSV data does not count toward CloudWatch Logs Insights per-GB scanned query charges, and the capability is available today in all commercial AWS Regions.

CloudWatch log centralization adds data source filters

🔍 Amazon CloudWatch centralization now supports selecting logs by data source name and type in addition to log group names. Customers can target AWS service logs (automatically discovered) and application logs (via log group tags) to copy telemetry from multiple accounts and regions into a single destination account. Rules can focus on types like VPC Flow Logs, EKS Audit Logs, and CloudTrail Logs to simplify security and operational monitoring. Create or modify centralization rules in the console, AWS CLI, or SDKs; standard CloudWatch Logs pricing applies for ingestion, storage, and data transfer.

Amazon MSK Express Brokers Now Support Broker Logs

🔍 Amazon Managed Streaming for Apache Kafka (MSK) now provides broker logs for Express brokers at no additional cost. Broker logs help operators troubleshoot client connectivity and availability issues and reveal broker behavior during rebalances and failovers. You can deliver operational telemetry to Amazon CloudWatch Logs or Amazon S3, and enable them via the MSK Console or AWS CLI for new and existing Express brokers. Logs are supported in all regions where Express brokers are available.

Microsoft Adds Native Sysmon to Windows 11 Preview Builds

🛡️ Microsoft has begun rolling out native Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program. The built-in feature is disabled by default and requires uninstalling any Sysmon copies from the Sysinternals site before enabling the native implementation. Administrators can enable it via Settings or by running Dism, then complete installation with sysmon -i. Captured events are written to the Windows Event Log and support custom configuration files to filter telemetry.

Amazon CloudWatch Unified Data Management and Analytics

🔎 Amazon CloudWatch now provides unified data management and analytics to consolidate operational, security, and compliance data across AWS and third-party sources. The launch enables organization-wide ingestion from AWS sources such as AWS CloudTrail, Amazon VPC, and Amazon WAF, plus managed collectors for CrowdStrike, Okta, and Palo Alto Networks. Customers can use pipelines to transform and enrich logs to standard formats like OCSF and define facets for faster insights. Data can be stored in managed Amazon S3 Tables at no additional storage charge and queried natively or with any Apache Iceberg-compatible analytics tool.

AWS Site-to-Site VPN Adds BGP Logging for Tunnels Now

🔍 AWS Site-to-Site VPN now publishes Border Gateway Protocol (BGP) logs from VPN tunnels to Amazon CloudWatch, providing deeper visibility into routing and session behavior. Previously, customers only had access to IKE/IPSec tunnel activity logs; the new BGP logs show session status, transitions, routing updates, and detailed error states. With both tunnel and BGP logs in CloudWatch, teams can correlate events, speed troubleshooting, and identify configuration mismatches between AWS endpoints and customer gateways across commercial Regions and AWS GovCloud (US).

Amazon OpenSearch Service Adds Cluster Insights Dashboard

🔍 Amazon OpenSearch Service now includes Cluster Insights, a unified monitoring dashboard that consolidates logs and metrics to give operators comprehensive operational visibility across nodes, indices, and shards. The feature automates correlation of critical data, highlights performance metrics and top-N query analysis, and surfaces targeted remediation steps to speed troubleshooting. Built into the OpenSearch UI, Cluster Insights retains monitoring resilience during cluster unavailability and provides account-level summaries for managing multiple deployments. It is available at no additional cost for OpenSearch 2.17 or later in regions where the OpenSearch UI is offered.

Amazon CloudWatch Adds Scheduled Logs Insights Queries

🔍 Amazon CloudWatch Logs now supports scheduled Logs Insights queries that run automatically on a recurring cadence and deliver results to Amazon S3 or Amazon EventBridge. This capability lets teams automate log analysis, track trends, and detect anomalies without manually re-running queries. Administrators can configure schedules via the Console, AWS CLI, AWS CDK, or SDKs, and store results for reporting or trigger incident workflows. The feature is available in multiple AWS regions across the US, Europe, Asia Pacific, and South America.

AWS Network Firewall Log Analysis Using OpenSearch

📊 The post describes a new Amazon CloudWatch and Amazon OpenSearch Service dashboard that simplifies analysis of AWS Network Firewall logs by removing previous multi-step setup and streamlining integration. It explains prerequisites, creating an OpenSearch integration and dashboard, selecting log groups, sync intervals, and IAM roles. The overview covers widgets, filters, CSV export, common use cases, and cost considerations to improve visibility and troubleshooting.

OpenSearch Serverless: CloudTrail data-plane audit logging

🔒 Amazon has added detailed audit logging for OpenSearch Serverless data-plane requests through AWS CloudTrail. Customers can now record and retain user actions on collections, including authorization attempts, index changes, and search queries, to support compliance and incident investigations. Logs can be filtered with read-only or write-only options or captured using advanced event selectors for granular control. Data events are delivered to Amazon S3 and can be forwarded to Amazon CloudWatch Events for real-time monitoring and response.

Amazon GameLift Servers Adds Built-in Telemetry Metrics

📊 Amazon GameLift Servers now includes built-in telemetry metrics across all server SDKs and game engine plugins, powered by OpenTelemetry, to generate, collect, and export client-side metrics for game-specific insights. The feature can be configured to collect and publish telemetry from game servers running on managed Amazon EC2 and container fleets, supporting both pre-defined and custom metrics and exporting to Amazon Managed Service for Prometheus or Amazon CloudWatch. Visualizations are available via Amazon Managed Grafana and Amazon CloudWatch dashboards to help optimize resources, improve player experience, and surface operational issues. Telemetry is available in all supported regions except AWS China; see the GameLift Servers documentation for details.

Amazon CloudWatch Agent Gains Windows Event Log Filtering

🔎 Amazon CloudWatch Agent now supports configurable Windows Event Log filters for Windows hosts running on Amazon EC2 or on-premises. You can define per-stream filter criteria in the agent configuration file, including event levels, specific event IDs, and regular expressions set to include or exclude, and the agent evaluates each event to determine whether it should be sent to CloudWatch. This reduces noisy ingestion and helps focus monitoring, troubleshooting, and cost control; the feature is available in all commercial AWS Regions and AWS GovCloud (US).

AWS for Fluent Bit 3.0.0 Released with Fluent Bit 4.1.1

🚀 AWS for Fluent Bit 3.0.0, based on Fluent Bit 4.1.1 and built on Amazon Linux 2023, is now available for Amazon ECS and Amazon EKS customers. The release introduces native OpenTelemetry (OTel) support to ingest and forward OTLP logs, metrics, and traces with AWS SigV4 authentication, removing the need for additional sidecars. It delivers faster JSON parsing and higher log throughput per vCPU with lower latency, plus configurable TLS minimum versions and cipher controls to strengthen output security. Upgrade by pulling the 3.0.0 image from the Amazon ECR Public Gallery, updating your ECS FireLens task definition, or updating the DaemonSet/Helm release on EKS.