Elastic Forwarder for CloudWatch


We're using the Elastic Serverless Forwarder with CloudWatch and I was wondering if anyone can clarify these questions?

  • What are the parameters around the subscription filter? Is it every time a new log hits CloudWatch, or does it craft a batch of events every 10 seconds, for example? If it is every time a new log hits CloudWatch, then would we expect a 1-1 relation between Lambda function invocations and logs? If not, how does the batching work?

The trigger brings a payload of logEvents from CloudWatch

  • Does this clarify that the state is managed by the subscription filter in AWS? Lambda is just given a batch of events to process and it's the subscription filter's job to keep track of which logs have already been forwarded to the Lambda function?

In the troubleshooting steps I found the notion of a grace period of 2 minutes.

Can anybody explain this further?

  • Does this mean that the default Lambda function runs for 15 minutes, and after 13 minutes it no longer tries to process the batch of events it was given and instead starts shutting down and bundling up the events it hasn't processed in time to dump into SQS?
