Skip to content

Step 3: Ingest AWS CloudTrail Logs

You can build a log analytics pipeline to ingest AWS CloudTrail logs.

Important

Make sure your CloudTrail and Centralized Logging with OpenSearch are in the same AWS Region.

  1. Sign in to the Centralized Logging with OpenSearch Console.
  2. In the navigation pane, select AWS Service Log Analytics Pipelines.
  3. Choose Create a log ingestion.
  4. In the AWS Services section, choose AWS CloudTrail.
  5. Choose Next.
  6. Under Specify settings, for Trail, select one from the dropdown list.
  7. Choose Next.
  8. In the Specify OpenSearch domain section, select the imported domain for Amazon OpenSearch domain.
  9. Choose Yes for Sample dashboard.
  10. Keep default values and choose Next.
  11. Choose Create.