Amazon CloudWatch Contributor Insights now supports analyzing transformed or enriched logs. With today’s launch, customers can now create Contributor Insights rules on CloudWatch logs that have been transformed into JSON format to create time series that display the top-N contributors, total number of unique contributors, and their usage.
Using transformation and enrichment, customers can structure their logs using pre-configured templates for common AWS services such as AWS Web Application Firewall (WAF), Amazon Virtual Private Cloud (VPC) Flow Logs, or custom transformers such as Grok to analyze transformed log data at account level or log group level. Customers can define the Contributor Insights rules leveraging these transformed logs. Customers can also rename attributes and add additional metadata. For example, customers can create Contributor Insights rules that have been enriched with metadata like accountID or loggroupname, which improves troubleshooting.
Log transformation and enrichment capabilities are available in all AWS Commercial Regions and are included with the existing Standard log class ingestion price. Customers can create Contributor Insights rules on transformed and enriched logs in the Amazon CloudWatch Console or using AWS Command Line Interface (CLI), AWS CloudFormation, AWS Cloud Development Kit (CDK), and AWS SDKs. To learn more about log transformation and enrichment in Amazon CloudWatch Logs and how to leverage it with Contributor Insights, visit the Amazon CloudWatch documentation.
Source:: Amazon AWS