18

I'm trying to setup Amazon Cloud Watch as a remote logging destination for some C# applications I am working on. One thing that is not clear to me is the difference between a Log Group and a Log Stream and how they should be used?

I have a number of small applications which many different users will be running on many computers. So I would like to be able to easily identify the source application, and machine for each log message.

My understanding is a Log Stream is a "sequence of log events that share the same source", so it seems like I would want to create a new Log Stream for each machine or each user per machine. Does this sound right?

Jakobovski
  • 3,203
  • 1
  • 31
  • 38
Eric Anastas
  • 21,675
  • 38
  • 142
  • 236

1 Answers1

6

It all depends on the level of aggregation that you want:

  • if you define instance as a source and set instance_id for the name of the stream, then you will have separate log streams for your instances.
  • If you define your application as a source and set e.g. "MyApp" as the name of the stream then all the instances that are running your application will send log events to the same stream. You will be able to handle application log events together, generate metrics and create alarms on those etc.
tpolyak
  • 1,234
  • 1
  • 9
  • 15
  • 12
    What is the difference between a Log Group and a Log Stream? – Daniel Hollinrake Oct 10 '17 at 13:27
  • 6
    From the documentation: A log stream is a sequence of log events that share the same source. More specifically, a log stream is generally intended to represent the sequence of events coming from the application instance or resource being monitored. For example, a log stream may be associated with an Apache access log on a specific host [...] Log groups define groups of log streams that share the same retention, monitoring, and access control settings. Each log stream has to belong to one log group. See http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogsConcepts.html – tpolyak Oct 17 '17 at 14:03