Configuring AWS S3 for Log File Searching

Question

A team is currently sending a number of log files over to S3 from various application sources.

The team needs to perform searches on the underlying log files.

Which of the following can be part of the implementation steps for having such a solution in place? Choose 2 answers from the options given below.

Answers

A. Create a Lambda function and attach it to the Amazon S3 bucket which is used to ingest the log files.

B. Send the log files from Amazon S3 over to Amazon Glacier.

C. Send the data from Amazon S3 over to Amazon Elasticsearch.

D. Create an SNS notification and attach it to the S3 bucket.

Explanations

Answer - A and C.

The AWS Documentation mentions the following.

Amazon Elasticsearch Service (Amazon ES) is a managed service that makes it easy to deploy, operate, and scale Elasticsearch clusters in the AWS Cloud.

Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and clickstream analysis.

With Amazon ES, you get direct access to the Elasticsearch APIs; existing code and applications work seamlessly with the service.

You can use Lambda to send data to your Amazon ES domain from Amazon S3.

New data that arrives in an S3 bucket triggers an event notification to Lambda, which then runs your custom code to perform the indexing.

Option B is incorrect since Amazon Glacier is used for archive storage.

Option D is incorrect since SNS would just send notifications, but we need to send the data for further analysis.

For more information on integrating Amazon ES with other services, please refer to the URL below.

https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-aws-integrations.html

The team needs to perform searches on the log files stored in S3. Therefore, they need a solution that allows them to efficiently search through the log files. The solution should also be scalable, cost-effective, and easy to manage. Two possible options to achieve this are:

A. Create a Lambda function and attach it to the Amazon S3 bucket which is used to ingest the log files: This solution involves creating a Lambda function that is triggered whenever a new log file is uploaded to the S3 bucket. The Lambda function can then parse the log files, extract the relevant fields, and store them in a search engine such as Amazon Elasticsearch, where the team can run its searches. This solution is cost-effective because charges are only incurred when the Lambda function is triggered, and it is scalable because Lambda can handle a large number of invocations. However, it may not be suitable if the log files are very large, as a Lambda function has a maximum execution time limit of 15 minutes.

C. Send the data from Amazon S3 over to Amazon Elasticsearch: This solution involves sending the log files from S3 to Elasticsearch directly. Elasticsearch is a scalable, managed search engine that allows users to search large datasets quickly, and it can handle both structured and unstructured data. This solution is suitable for large log files because Elasticsearch can handle large volumes of data. However, it may be more expensive than the Lambda function solution, as Elasticsearch has a higher cost.

Option B, sending log files from S3 to Amazon Glacier, is not suitable for log analytics because Glacier is a storage service designed for archiving data and has a higher retrieval latency than S3. Option D, creating an SNS notification and attaching it to the S3 bucket, is not directly related to log analytics and is not a suitable solution for searching log files.
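The S3-to-Lambda-to-Elasticsearch path quoted from the documentation above and described under option A, as an added example that is not code from the page or from AWS: the handler turns the S3 event notification into (bucket, key) pairs, parses each log line into a document, and builds the NDJSON body the Elasticsearch _bulk API expects. The log line format (Apache-style access log), the index name, and the injected `get_object` and `post_bulk` callables are assumptions; in a real deployment those would wrap boto3's `get_object` and a SigV4-signed POST to the domain's `_bulk` endpoint, with the function's role limited to `s3:GetObject` on the bucket and `es:ESHttpPost` on the domain.

```python
import json
import re
import urllib.parse

# Assumed log format: Apache-style access log (constructed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)


def s3_objects_from_event(event):
    """Return (bucket, key) pairs for ObjectCreated records in an S3 event.
    Keys arrive URL-encoded (spaces as '+'), so unquote before GetObject."""
    pairs = []
    for rec in event.get("Records", []):
        if not rec.get("eventName", "").startswith("ObjectCreated:"):
            continue  # ignore deletes and other event types
        bucket = rec["s3"]["bucket"]["name"]
        key = urllib.parse.unquote_plus(rec["s3"]["object"]["key"])
        pairs.append((bucket, key))
    return pairs


def parse_line(line, source):
    """Parse one log line into a document, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # unparseable line: caller counts it instead of dropping silently
    doc = m.groupdict()
    doc["status"] = int(doc["status"])
    doc["bytes"] = 0 if doc["bytes"] == "-" else int(doc["bytes"])
    doc["source"] = source  # keep provenance so a hit can be traced back to its object
    return doc


def bulk_body(docs, index):
    """Build the NDJSON body for the Elasticsearch _bulk API (action line, then document)."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def index_objects(event, get_object, post_bulk, index="logs"):
    """Lambda-style handler. get_object(bucket, key) -> bytes and post_bulk(body)
    are hypothetical injected wrappers so the logic runs without AWS credentials."""
    indexed = skipped = 0
    for bucket, key in s3_objects_from_event(event):
        text = get_object(bucket, key).decode("utf-8", errors="replace")
        docs = []
        for line in text.splitlines():
            doc = parse_line(line, "s3://%s/%s" % (bucket, key))
            if doc is None:
                skipped += 1
            else:
                docs.append(doc)
        if docs:
            post_bulk(bulk_body(docs, index))
            indexed += len(docs)
    return {"indexed": indexed, "skipped": skipped}
```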