Amazon Data Firehose (Firehose) decompression for CloudWatch Logs now supports message extraction. This allows customers to automatically filter out header information and deliver only the message content from CloudWatch Logs to a destination such as Amazon S3 or Splunk for analysis.
Customers use Firehose to decompress and aggregate log events from applications and services captured in Amazon CloudWatch Logs and log events from Amazon S3, Splunk, etc. for use cases such as application troubleshooting and audit compliance. Deliver to destination. CloudWatch log records use a nested JSON structure, and each record’s message is embedded within header information. Many customers prefer to filter out the header information and simply deliver the embedded message to the destination to reduce subsequent processing and storage costs. With message extraction, Firehose provides a simple option that customers can choose to filter out header information and deliver only the embedded message content. If a customer uses Firehose decompression for their CloudWatch Logs, there is no additional charge to apply message extraction.
To learn more about this feature and get started, visit the Amazon Data Firehose documentation and console.
