I want to move logs from
CloudWatch Logs ====> self-managed Elasticsearch cluster
The log volume is 5 TB/day.
Option 1:
I use the aws-forwarder plugin provided by Elasticsearch.
Option 2:
I use this flow
CloudWatch Logs (subscription filter) ==> AWS Firehose ==> S3 <==== Filebeat (Elasticsearch)
Any comments/guidance would be appreciated.
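For Option 2, an added example (not part of the original post) of decoding what the subscription filter ==> Firehose flow leaves in S3 and flattening it into one document per log event. It assumes Firehose's own compression and record transformation are off, so each object is a run of gzip members holding CloudWatch Logs subscription JSON; the function names and the sample data are constructed for illustration.

```python
import gzip
import json

def build_sample_object() -> bytes:
    """Constructed sample: three subscription records, gzipped one by one and
    concatenated, as an S3 object looks under the assumptions above."""
    records = [
        {"messageType": "CONTROL_MESSAGE", "logGroup": "", "logStream": "",
         "logEvents": [{"id": "", "timestamp": 1700000000000,
                        "message": "CWL CONTROL MESSAGE: health check"}]},
        {"messageType": "DATA_MESSAGE", "logGroup": "/app/api", "logStream": "i-01",
         "logEvents": [{"id": "evt-1", "timestamp": 1700000000100, "message": "GET /a"},
                       {"id": "evt-2", "timestamp": 1700000000200, "message": "GET /b"}]},
        {"messageType": "DATA_MESSAGE", "logGroup": "/app/api", "logStream": "i-02",
         "logEvents": [{"id": "evt-3", "timestamp": 1700000000300, "message": "POST /c"}]},
    ]
    return b"".join(gzip.compress(json.dumps(r).encode()) for r in records)

def iter_subscription_records(blob: bytes):
    """Yield each JSON record from an object holding back-to-back gzip members."""
    text = gzip.decompress(blob).decode("utf-8")  # reads every gzip member
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(text):
        if text[pos].isspace():  # tolerate separators between records
            pos += 1
            continue
        record, pos = decoder.raw_decode(text, pos)  # records are not newline-delimited
        yield record

def to_es_docs(blob: bytes) -> list:
    """Flatten DATA_MESSAGE records into one document per log event."""
    docs = []
    for rec in iter_subscription_records(blob):
        if rec.get("messageType") != "DATA_MESSAGE":
            continue  # control records carry no application logs
        for ev in rec.get("logEvents", []):
            docs.append({
                "_id": ev["id"],  # stable id: a redelivered event overwrites, not duplicates
                "@timestamp": ev["timestamp"],  # epoch milliseconds
                "log_group": rec["logGroup"],
                "log_stream": rec["logStream"],
                "message": ev["message"],
            })
    return docs

if __name__ == "__main__":
    for doc in to_es_docs(build_sample_object()):
        print(json.dumps(doc))
```

Firehose delivers at least once, so keying each document on the CloudWatch event id keeps replays from inflating counts in the index.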