A company is running an application on Amazon EC2 instances. A DevOps engineer needs to aggregate the application logs to a central system for the company's application team to search. A critical error message periodically appears in the log files. The DevOps engineer needs to notify the application team by email when these error messages occur.
Which solution will meet these requirements in the MOST operationally efficient manner?
The most operationally efficient solution is to configure the unified Amazon CloudWatch agent on the EC2 instances to publish the application log files to a CloudWatch log group. Then, configure a metric filter on the CloudWatch log group to detect critical errors and create a custom metric. Subsequently, create an Amazon Simple Notification Service (Amazon SNS) topic and configure a CloudWatch alarm to use the custom metric to notify the SNS topic. Finally, subscribe the application team's email address to the SNS topic. This method leverages built-in AWS services that simplify log management and alerting while minimizing operational overhead compared to other options involving additional services like Amazon Kinesis or Amazon OpenSearch Service.
A for me
A for me
A is correct.
I vote A
The Key here is, the engineer needs to aggregate the application logs to a central system for the company's application team to search. Opensearch is the best option for the centralized log search
A is good. D is more operationally efficient https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_OpenSearch_Stream.html
"MOST operationally efficient", I think A is more operationally efficient than D. On A, we only need to operate CWL and SNS On D, we have to operate CWL, SNS and OpenSearch
Both A and D are valid for me. For A you need to provide all the developers access to AWS for checking CloudWatch, and searching in CloudWatch is worst than in OpenSearch, maybe it is less efficient ...
A seems to be the best but why saying create custom metric? metric filter doesn't create custom metric
Most operationally efficient - A Centralized/Search logs - CloudWatch Log Insights can do this for much cheaper price and without needing additional services