AWS logs - Firehose | Grafana Labs

How it works

Complexity: Moderate | Infrastructure: Managed | Latency: Buffered (60-900s)

CloudWatch-based logs collected with Firehose

Log type	Source	Key insights
CloudWatch Logs	Applications, services	Application events, errors
RDS Instance Logs	Database instances	Query logs, slow queries
VPC Flow Logs	Network interfaces	Network traffic, security

Trade-offs

Pros	Cons
High-throughput streaming	Buffering adds latency.
Managed (automatic scaling)	Firehose costs
Automatic retry/error handling	Limited transformation
Native CloudWatch integration	IAM role setup

Documentation

View the full documentation. Learning path coming soon!

AWS Firehose logs

Amazon Data Firehose is your go-to for collecting CloudWatch-based logs. This includes CloudWatch Logs from your applications, RDS instance logs, and VPC Flow Logs.

Firehose is a managed streaming service. You configure a subscription filter on your CloudWatch log group that sends logs to Firehose. Logs flow in, get batched automatically, and deliver to Grafana Cloud with built-in retry and error handling. You don’t manage any compute. AWS handles the scaling.

The trade-off is latency. Firehose buffers logs before delivery, typically anywhere from 60 to 900 seconds depending on your configuration. That’s fine for most use cases. You’re not usually doing real-time alerting on raw log lines.

For CloudWatch-based logs at any scale, Firehose is the recommended approach. It’s simpler to operate, has more predictable costs, and scales seamlessly with growing log volumes.

AWS logs - Firehose

How it works

CloudWatch-based logs collected with Firehose

Trade-offs

Documentation

Script

In this module