How to configure logging destinations
Efficiently streaming and managing data is crucial for cloud customers. Amazon Web Services (AWS) provides robust tools for this purpose, with AWS Kinesis Data Firehose and Kinesis Data Streams being popular choices. This guide will help you set up the necessary infrastructure and configure your AWS environment to stream data to destinations like Sumo Logic and Splunk with Fleet.
With Fleet, you’re able to send with Automation to your logging destination:
Choosing your destination mechanism
AWS offers two primary options for streaming data: Kinesis Data Streams and Kinesis Data Firehose. Select the one that best fits your needs:
- Kinesis Data Streams: An AWS service for real-time data streaming, ideal for low-latency processing. It enables you to continuously capture gigabytes of data per second from hundreds of thousands of sources, such as website clickstreams, database event streams, financial transactions, and social media feeds. This data can then be processed and analyzed in real time.
- Kinesis Data Firehose: Kinesis Data Firehose is a fully managed service that simplifies loading streaming data into data lakes, data stores, and analytics services. It can capture, transform, and load streaming data into AWS services like Amazon S3, Amazon Redshift, and Amazon Elasticsearch Service, as well as third-party services like Splunk and Sumo Logic.
flowchart LR
A["Fleet instance"] --> B["Kinesis Firehose"] --> C["Data {lake,store,analytics}"]
B --"Undelivered logs"--> D("AWS S3")
Step 1: Set up the required infrastructure
Before streaming data, ensure that you have the necessary infrastructure. The resources might be owned by another team or group in your organization:
- IAM Role ARN of the Fleet service: The ARN (Amazon Resource Name) of the IAM (Identity and Access Management) role that will assume the IAM role defined in this module to gain the permissions required to write to the Kinesis Data Stream(s). For example, this role might permit Fleet to write data to your Kinesis stream.
- IAM Role ARN for assumption: The role that the Fleet service will assume, granting it the necessary permissions. This is typically used to delegate access control, enabling the Fleet service to perform actions on your behalf.
- ExternalId: This is optional but recommended to enhance security by ensuring that only trusted entities can assume the role. The ExternalId helps prevent unauthorized access by adding an extra layer of security. More details can be found in the AWS IAM User Guide.
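One way to check the trust policy on the role that Fleet assumes, as an added example (not Fleet's or AWS's own code): the audit below flags any principal other than the Fleet service role and a missing `sts:ExternalId` condition. The ARNs, account ID, and ExternalId value are constructed placeholders.

```python
# Added example: audit the trust policy of the IAM role that Fleet assumes.
# Every ARN, account ID and ExternalId here is a constructed placeholder.
FLEET_ROLE_ARN = "arn:aws:iam::111111111111:role/fleet-service-role"

def _as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, fleet_role_arn):
    """Return a list of findings; an empty list means the policy passes."""
    findings = []
    allows = [s for s in _as_list(policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and any(a in ("sts:AssumeRole", "sts:*", "*")
                      for a in _as_list(s.get("Action", [])))]
    if not allows:
        return ["no statement allows sts:AssumeRole"]
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal", {})
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if fleet_role_arn not in principals:
            findings.append(f"allow statement {i}: Fleet role is not a principal")
        findings += [f"allow statement {i}: unexpected principal {p}"
                     for p in principals if p != fleet_role_arn]
        # Only the exact-match operator is accepted for the ExternalId check.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if not cond.get("sts:ExternalId"):
            findings.append(f"allow statement {i}: no sts:ExternalId condition")
    return findings

# Constructed weak policy: whole account trusted, no ExternalId.
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole"}]}

# Constructed hardened policy: only the Fleet role, ExternalId required.
HARDENED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": FLEET_ROLE_ARN},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_trust_policy(pol, FLEET_ROLE_ARN) or "ok")
```
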
Note for Cloud Customers:
- Pick your destination mechanism (Kinesis/Firehose).
- Set up the required infrastructure:
Step 2: Configure your destination
For Sumo Logic
Sumo Logic supports data ingestion via HTTP, making it a reliable choice for log management and analytics. To set up Sumo Logic as your Firehose destination:
- Create a Sumo Logic hosted collector/receiver: This enables Sumo Logic to pull data from the stream.
- Set up Firehose: Follow the steps outlined in the AWS documentation to configure Firehose to send data to Sumo Logic.
- Configure Sumo Logic: Refer to the detailed steps provided by Sumo Logic in their documentation.
For Splunk
Splunk is a powerful platform for searching, monitoring, and analyzing machine-generated big data. You can configure Fleet to send logs to Splunk.
Conclusion
By carefully setting up your IAM roles and configuring your data streams, you can efficiently stream data to platforms like Sumo Logic and Splunk using AWS Kinesis Firehose. This setup simplifies data management and enhances your ability to analyze and act on your data in real time, in S3, or for other teams and tools such as your SIEM platforms and CMS. For more detailed steps, refer to the respective documentation for Sumo Logic and Splunk.
