Skip to content

Configure Error Logs


Amazon Elasticsearch Error Logs pushes lines of WARN, ERROR, and FATAL to CloudWatch. It can help with troubleshooting in many situations, including the following:

  • Painless script compilation issues
  • Invalid queries
  • Indexing issues
  • Snapshot failures

For further information about Error Logs, refer to the Amazon Elasticsearch documentation.


Enable Error Logs to gain more insight into issues with your Amazon Elasticsearch domains and identify issues with domain configurations.

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service elasticsearch

Default Rule

const { isAwsElasticsearch } = aws

 * @param {Object} awsElasticsearchDomainStatus - Elasticsearch Domain Status
 * @returns {boolean} true if the Error Logging group is configured
function validate(databaseSettings) {

    const { enabled, logGroupArn } =
        isAwsElasticsearch(databaseSettings) &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain.logPublishingOptions &&
        databaseSettings.awsDatabaseInstance.elasticsearchDomain.logPublishingOptions.applicationLogs || {}

    const success = enabled && !!logGroupArn // To avoid empty arn

    return {

// invoke