Some AWS services can be configured to ship their logs to an S3 bucket, where can fetch those logs.

Best practices

The S3 API does not allow retrieval of object timestamps, so must collect logs in alphabetical order. Please keep these notes in mind when configuring logging.

  • Make the prefix as specific as possible
    The prefix is the part of your log path that remains constant across all logs. This can include folder structure and the beginning of the filename.

  • The log path after the prefix must come in alphabetical order
    We recommend starting the object name (after the prefix) with the Unix epoch time. The Unix epoch time is always increasing, ensuring we can always fetch your incoming logs.


You can add your buckets in by providing your S3 credentials and configuration.

Configure to fetch logs from an S3 bucket

Before you begin, you’ll need: s3:ListBucket and s3:GetObject permissions for the required S3 bucket

Add the S3 bucket information

To use the S3 fetcher, fill out the S3 bucket information on the S3 fetcher log shipping page. You must be logged in to

Check for your logs

Give your logs some time to get from your system to ours, and then open Kibana.

If you still don’t see your logs, see log shipping troubleshooting.