CloudWatch pipelines processors

CloudWatch pipelines processors transform, parse, and enrich log data as it flows through the pipeline. A pipeline can have up to 20 processors that are applied sequentially in the order they are defined.

Transformation metadata

When a pipeline processes log events, CloudWatch pipelines automatically adds transformation metadata to each processed log entry. This metadata indicates that the log has been transformed, making it easy to distinguish between original and processed data. If you enable the Keep original log option during pipeline creation, you can compare the original log with the transformed version at any time.

Processor categories
Category	Description
Parsers	Convert raw log data into structured formats, such as Open Cybersecurity Schema Framework (OCSF), CSV, JSON, and so on
Transformers	Modify log data structure; add, copy, move, or delete fields
String Processors	Manipulate string values; case conversion, trimming, substitution

Topics

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS service logs from CloudWatch Logs

Parser processors