Clarification and Assistance for Log Access in Central Log Bucket
Closed this issue · 4 comments
Hello, and thank you for this project.
While experimenting with LZA, a specific use case has prompted some questions. I created a CloudWatch log group in a child account and added a dummy log entry to observe the log archival to the central log bucket. In the event that access to a log from the central bucket becomes necessary, we'd like to understand the steps involved.
We tried logging in to the log archive account and attempt to download the log but thought there might be an issue with the encryption as the file is not readable.(attached below)
Any assistance on this matter would be greatly appreciated.
Hi @dgokcin ! Thank you for reaching out. The CloudWatch Logs are being transferred in native format by Kinesis Firehose, per our documentation. We were running into issues with parquet format, and as a result had to change the file format to what the service natively supports. To work around this issue, you can rename the file with appending the json.gz file extension (e.g. test -> test.json.gz).
Please let me know if this workaround works for you.