Writing to Kinesis Data Firehose Using CloudWatch Logs - Amazon Kinesis Data Firehose
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Writing to Kinesis Data Firehose Using CloudWatch Logs

Important

CloudWatch log events are compressed with gzip level 6. If you want to specify Splunk as the destination for the delivery stream, use a Lambda function to decompress the records to UTF-8.and single-line JSON. For information about using Lambda functions with a delivery stream, see Amazon Kinesis Data Firehose Data Transformation.

Important

Amazon Kinesis Data Firehose currently does not support the delivery of CloudWatch Logs to Amazon OpenSearch Service destination because Amazon CloudWatch combines multiple log events into one Firehose record and Amazon OpenSearch Service cannot accept multiple log events in one record. As an alternative, you can consider Using subscription filter for Amazon OpenSearch Service in CloudWatch Logs.