Ensure that your AWS Elasticsearch clusters have enabled the support for publishing slow logs to AWS CloudWatch Logs. This feature enables you to publish slow logs from the indexing and search operations performed on your ES clusters and gain full insight into the performance of these operations.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Once enabled, Elasticsearch slow logs can help you identify performance issues caused by specific queries or due to changes in cluster usage. Then you can use this information to optimize your queries or your index configuration to address the problem.
Note: If enabled, the standard Amazon CloudWatch pricing does apply.
To determine if your AWS ES clusters have enabled the support for publishing slow logs (search and index slow logs) to AWS CloudWatch, perform the following:
Remediation / Resolution
To enable Elasticsearch Slow Logs publishing to AWS CloudWatch Logs, perform the following:
- AWS Documentation
- What Is Amazon Elasticsearch Service?
- Creating and Configuring Amazon Elasticsearch Service Domains
- AWS Command Line Interface (CLI) Documentation
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
AWS Elasticsearch Slow Logs
Risk level: Medium