AWS CloudWatch Logs Integration
Stream CloudWatch log groups to TigerOps via subscription filters. Monitor Lambda, ECS, EKS, and EC2 logs with AI anomaly detection and cross-service correlation across your AWS estate.
How It Works
Deploy the TigerOps Kinesis Lambda
Deploy the TigerOps CloudWatch Logs forwarder Lambda function via CloudFormation or Terraform. The function subscribes to your log groups and forwards events to the TigerOps ingestion endpoint.
Create Subscription Filters
Add CloudWatch Logs subscription filters on your log groups pointing to the TigerOps Kinesis stream or Lambda function. Use filter patterns to forward only relevant log events.
Configure Log Group Discovery
Enable auto-discovery to automatically subscribe new log groups matching a name prefix or tag. TigerOps uses EventBridge to detect new log group creation and applies subscription filters automatically.
Correlate with AWS Metrics
TigerOps joins CloudWatch log events with CloudWatch metrics (Lambda duration, ECS CPU, RDS query latency) for unified dashboards. AI detects correlated anomalies across logs and metrics.
What You Get Out of the Box
Subscription Filter Streaming
Real-time log streaming from CloudWatch via Lambda or Kinesis Data Firehose subscription filters. Events arrive in TigerOps within seconds of being written to CloudWatch.
Auto-Discovery of New Log Groups
TigerOps monitors EventBridge for CreateLogGroup events and automatically applies subscription filters to new log groups matching your configured prefix patterns — no manual setup per service.
Lambda Function Log Parsing
Parse Lambda REPORT lines to extract billed duration, memory used, and cold start indicators. TigerOps tracks per-function p99 duration, cold start rates, and timeout rates automatically.
ECS and EKS Container Log Ingestion
Route ECS task logs and EKS pod logs from CloudWatch to TigerOps with container metadata enrichment. Filter and route by cluster, service, task definition, and log stream name.
CloudWatch Insights Query Migration
TigerOps provides a CloudWatch Logs Insights to TigerQL query migration tool. Convert your saved insights queries to TigerOps equivalents while retaining the same analytical results.
Cross-Region Log Aggregation
Aggregate CloudWatch logs from multiple AWS regions and accounts into a single TigerOps workspace. Use IAM cross-account roles to stream logs from member accounts to a central TigerOps forwarder.
Terraform: CloudWatch Subscription Filter
Deploy the TigerOps Lambda forwarder and subscription filters using Terraform.
# Deploy TigerOps CloudWatch Logs forwarder
module "tigerops_forwarder" {
source = "tigerops/cloudwatch-forwarder/aws"
version = "~> 1.0"
tigerops_api_key = var.tigerops_api_key
tigerops_endpoint = "https://ingest.atatus.net"
# Auto-subscribe log groups matching these prefixes
log_group_prefixes = [
"/aws/lambda/",
"/aws/ecs/",
"/aws/eks/",
"/aws/rds/",
]
# Kinesis stream for high-volume log groups
use_kinesis = true
kinesis_shard_count = 2
}
# Manual subscription filter for a specific log group
resource "aws_cloudwatch_log_subscription_filter" "app_logs" {
name = "tigerops-app-logs"
log_group_name = "/app/production/api"
filter_pattern = "" # forward all events
destination_arn = module.tigerops_forwarder.lambda_arn
depends_on = [aws_lambda_permission.tigerops_cwlogs]
}
resource "aws_lambda_permission" "tigerops_cwlogs" {
statement_id = "AllowCWLogs"
action = "lambda:InvokeFunction"
function_name = module.tigerops_forwarder.lambda_function_name
principal = "logs.amazonaws.com"
source_arn = "arn:aws:logs:${var.region}:${var.account_id}:log-group:/app/production/api:*"
}Common Questions
What is the recommended architecture for streaming CloudWatch logs to TigerOps?
The recommended approach is a Lambda forwarder subscribed to CloudWatch log groups via subscription filters. For very high volumes (>100 GB/day), use Kinesis Data Firehose as the subscription destination with TigerOps as the HTTP endpoint.
Does TigerOps support CloudWatch Logs from multiple AWS accounts?
Yes. Deploy the TigerOps forwarder Lambda in each AWS account, or use AWS Organizations and cross-account Kinesis streams to centralize log forwarding. All logs land in the same TigerOps workspace, tagged with the source account ID.
How does TigerOps handle the CloudWatch Logs subscription filter limit?
CloudWatch allows 2 subscription filters per log group. If you already use one (e.g., for Splunk), use Kinesis Data Streams as the second subscription target, then stream from Kinesis to both Splunk and TigerOps simultaneously.
Can TigerOps automatically subscribe to all Lambda function log groups?
Yes. TigerOps auto-discovery monitors EventBridge for CreateLogGroup events matching /aws/lambda/* prefix. New Lambda functions get subscribed within seconds of their log group creation — no manual setup required.
What is the latency between CloudWatch log write and TigerOps visibility?
With Lambda subscription filters, end-to-end latency is typically 5–15 seconds. With Kinesis Data Firehose, latency is 60 seconds at the default buffer interval (configurable down to 60s minimum). Lambda is recommended for real-time alerting.
Escape CloudWatch Logs Insights Limits
Stream all your CloudWatch log groups to TigerOps. AI anomaly detection, 13-month retention, and cross-service correlation. Deploy in 10 minutes.