Exam AWS Certified SysOps Administrator - Associate topic 1 question 304 discussion

I vote for B. Seems to me this is the right answer. https://docs.aws.amazon.com/athena/latest/ug/glue-athena.html Why not A Looks like S3 select has several limitations. https://docs.aws.amazon.com/AmazonS3/latest/userguide/selecting-content-from-objects.html According to the question "Errors sometimes do not appear in the same field". So I assume we need more advanced tool. Why not C,D Both Amazon CloudWatch Logs Insights and Amazon CloudWatch Contributor Insights process logs from AWS CloudWatch log groups. But in our case we have logs stored on S3. https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContributorInsights-CreateRule.html https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html

"AWS Glue is a serverless data integration service that can discover, prepare, and combine data for analytics, machine learning, and application development. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL." from Freshtimi down here To query logs stored in Amazon S3, you may need to use Amazon Athena, which is a service designed for querying data in S3. You can use AWS Glue to catalog and prepare the logs in S3, and then query them using Athena. https://docs.aws.amazon.com/athena/latest/ug/glue-athena.html

CloudWatch Logs Insights cannot directly analyze Lambda logs stored in S3. CloudWatch Logs Insights works with logs stored within CloudWatch Logs service, not S3 buckets.

B makes the most sense.

C is the MOST operationally efficient way to analyze the log files

Amazon CloudWatch Logs Insights is specifically designed for analyzing log data efficiently. It allows you to run queries on your log data using a powerful and flexible query language. Given that the logs are in JSON format and the errors have a common string prefix, CloudWatch Logs Insights is well-suited for this task. Option C provides an operationally efficient solution as it directly addresses log analysis needs without requiring additional processing or indexing. With CloudWatch Logs Insights, you can write queries to filter and analyze log data, making it easier to identify errors across multiple log groups.

B is the correct one, if the s3 was not mentioned it might be C then.

Answer: C

CloudWatch Logs Insights automatically discovers fields in logs from AWS services such as Amazon Route 53, AWS Lambda, AWS CloudTrail, and Amazon VPC, and any application or custom log that emits log events as JSON.

just overall from what i've seen if you don't have to don't "mix" services in aws. it makes things more complicated. Which is why I chose C. CW logs insights is made for quering CW log. If not C then B.

B is correct. Question is asking for MOST operationally efficient way. A and C, D require you to run the queries manually across 10 different logs. B is right because you can use Glue to create a AWS Glue Data Catalog ( a logical single data set to query ... made up from the 10 different logs. Then Athena will query the whole Data Catalog. A, C would work, but they are not the most efficient way. https://docs.aws.amazon.com/athena/latest/ug/glue-best-practices.html

"CloudWatch Logs Insights automatically discovers fields in logs from AWS services such as Amazon Route 53, AWS Lambda, AWS CloudTrail, and Amazon VPC, and any application or custom log that emits log events as JSON." https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html

C is correct

Ans is B https://docs.aws.amazon.com/athena/latest/ug/glue-athena.html

See my other comments

B. Create an AWS Glue processing job to index the logs of interest. Run a query in Amazon Athena to search for errors. Since the logs are stored in Amazon S3, using AWS Glue to create a processing job to index the logs and then querying them using Amazon Athena is the most operationally efficient way to analyze the log files. AWS Glue is a serverless data integration service that can discover, prepare, and combine data for analytics, machine learning, and application development. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. This combination allows the SysOps administrator to efficiently search for errors across the logs from multiple AWS Lambda functions.

Problem I have is that Lambda by default stores logs in CloudWatch not S3. CloudWatch Logs Insights is a tool for parsing CloudWatch logs, and NOT S3 objects. Parsing S3 CSV/JSON requires Athena, or S3 Select. I agree CloudWatch Logs Insights seems like the tool to use to query a log for a Lambda error, but I also think that applies to Cloudwatch logs and not CSV/JSON logs stored in S3. "S3 Select" looks pretty limited compared to CloudWatch Logs insights. I agree A is not most efficient way, but it also seems CloudWatch Logs Insights (B) is not a tool that can be used to parse JSON/CSV objects stored in S3. We need a seasoned AWS person to weigh in here.