Support Logging setup Amazon CloudWatch logs

Send Amazon Cloudwatch Logs to Loggly

You can push Amazon Cloudwatch Logs (CWL) to Loggly using an Amazon Lambda Blueprint. Please note these instructions are for Cloudwatch Logs, which are different from Cloudwatch metrics. Follow the instructions below.

AWS Setup

1. Encypt Loggly Customer Token

Upgrade AWS CLI to the latest version to get all the updated features.

pip install --upgrade awscli

Create a KMS key using the steps mentioned in the link with alias name : logglyCustomerToken
Encrypt the Loggly Customer Token using the AWS CLI

aws kms encrypt --key-id alias/logglyCustomerToken --plaintext "TOKEN"


2. Create a role

Sign in to your AWS account and open IAM console –
In your IAM console:
– Create a new Role say, ‘cloudwatch-full-access’.
– Select Role type as ‘AWS Lambda’ from the AWS Service Roles.
– Attach policy ‘CloudWatchFullAccess’ and save.

3. Create a Lambda Function

Go to AWS Lambda Console. Click the “Create a Lambda function” button.Create Lambda
Search for the Loggly blueprint by typing below mentioned keyword

Select Blueprint

4. Configure the Event Source

Configure the Event Source to call cloudwatch2loggly. Go to the AWS Lambda Console . Make sure the cloudwatch2loggly lambda function is selected, then click ‘Actions->Add event source‘. Then fill the following details.

Event source type: Cloudwatch Logs
Log Group: Select your log group whose logs you want to send to Loggly.
Filter Name: Provide your filter name
Filter Pattern: This is not a mandatory field. You can keep it empty.
Click on Next button.

5. Configure Function

Fill the following details.

Name: cloudwatch2loggly
Runtime :  Node.js 4.3

In the code Section
Copy the base-64 encoded, encrypted token from step 1’s CLI output (CiphertextBlob attribute) and paste it in place of the ‘your KMS encypted key‘ below in line 27.
Fill the following details after making changes to code.

Role*: cloudwatch-full-access
Set memory at 512MB
Set Timeout to 59 seconds.

Configure Function 02
Click on Next Button

6. Review and Enable Event Source

Click on Create function button on Review Page.
Function Review

Enable the Eventsource by clicking on Disabled State in Function page and press Enable button on the popup.

7. Verify Events

Search Loggly events with the tag as cloudwatch2loggly over the past 20 minutes. It may take few minutes to index the events. If doesn’t work, see the troubleshooting section below.


Advanced Amazon CloudWatch Options


If you don’t see any data show up in the verification step, then check for these common problems.

    • Make sure you’ve included your own customer token
    • Make sure you are using the latest version of AWS CLI
    • Make sure you have configured same roles as mentioned above.
    • Go to your Lamda function in AWS Console and click on View logs in Cloudwatch in the Monitoring tab to view logs.
    • Search or post your own Amazon Cloudwatch logging questions in the community forum.
Thanks for the feedback! We'll use it to improve our support documentation.