Demo for shipping logs to ELK stack, and to auto-subscribe new log groups
A group of Lambda functions for:

  • shipping logs to (hosted ELK stack)
  • auto-subscribing new log groups to the aforementioned function so you don't have to subscribe them manually
  • auto-updating the retention policy of new log groups to 7 days (configurable)


  1. insert the logstash_host, logstash_port and token in the serverless.yml file (under the ship-logs-to-logzio function's environment variables).

  • token: your account token. Can be retrieved on the Settings page in the UI.
  • logstash_host: if you are in the EU region insert, otherwise, use You can tell which region you are in by checking your login URL - means you are in the US. means you are in the EU.
  • logstash_port: this should be 5050, but is subject to change. See this page for details.

for example:

  ship-logs-to-logzio:
    handler: functions/ship-logs/handler.handler
    description: Sends CloudWatch logs to
    environment:
      logstash_host: <listener host for your region>
      logstash_port: 5050
      token: CduNgGwuFFeUVzbXvqVDXoGkjxEdKzc9
  2. run ./ deploy dev to deploy to a stage called "dev"
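
What a log-shipping function does with the three settings configured above, as an added example that is not the project's own handler code. The CloudWatch Logs payload shape (base64, gzip, `logEvents`) is AWS's; the output field names, the helper names and the assumption that the listener accepts newline-delimited JSON carrying the token are illustrative.

```javascript
// Added example, not the project's handler; names other than logstash_host, logstash_port and token are assumptions.
const zlib = require('zlib');
const net = require('net');

// CloudWatch Logs hands a subscribed Lambda one base64-encoded, gzipped JSON document.
function decodePayload(event) {
  const compressed = Buffer.from(event.awslogs.data, 'base64');
  return JSON.parse(zlib.gunzipSync(compressed).toString('utf8'));
}

// One JSON line per log event (assumed listener format: newline-delimited JSON carrying the token).
function toLogLines(payload, token) {
  if (payload.messageType !== 'DATA_MESSAGE') return []; // CONTROL_MESSAGE carries no logs
  return payload.logEvents.map((e) => JSON.stringify({
    '@timestamp': new Date(e.timestamp).toISOString(),
    message: e.message,
    logGroup: payload.logGroup,
    logStream: payload.logStream,
    token,
  }));
}

// Write all lines over one TCP connection, then close it.
function sendLines(lines, host, port) {
  return new Promise((resolve, reject) => {
    if (lines.length === 0) return resolve(0);
    const socket = net.connect(port, host, () => {
      socket.end(lines.join('\n') + '\n', () => resolve(lines.length));
    });
    socket.on('error', reject);
  });
}

// Lambda entry point: settings come from the function's environment variables.
async function handler(event) {
  const { logstash_host, logstash_port, token } = process.env;
  if (!logstash_host || !token) throw new Error('logstash_host and token must be set');
  return sendLines(toLogLines(decodePayload(event), token), logstash_host, Number(logstash_port));
}

// Constructed sample event in the shape CloudWatch Logs delivers.
function sampleEvent(messageType) {
  const payload = {
    messageType, logGroup: '/aws/lambda/constructed-demo', logStream: 'constructed-stream',
    logEvents: [{ id: '1', timestamp: 1498867200000, message: 'START RequestId: constructed' },
                { id: '2', timestamp: 1498867200500, message: 'hello from constructed event' }],
  };
  return { awslogs: { data: zlib.gzipSync(JSON.stringify(payload)).toString('base64') } };
}
```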

Updating existing log groups

  1. open the process_all.js script, and fill in the missing configuration values

  2. run node process_all.js