What Is a Log Stream?
A log stream is an ordered sequence of log events that all originate from the same source—for example, an EC2 instance, Lambda function, or on-premises server. Each event carries a timestamp and a message, forming a timeline of activity for that component. Common log stream contents include:- Application error messages
- User access and transaction logs
- Performance and diagnostics data
Each log stream is unique to its source. You can have multiple streams for different instances of the same application.
What Is a Log Group?
A log group acts as a container for one or more log streams. Think of it as a logical folder that centralizes related streams under common settings and policies. Within a log group, you can configure:- Retention period: How long to keep log data
- Metric filters: Generate CloudWatch metrics from log patterns
- Access control: IAM policies governing who can view or manage logs
Setting a very long retention period can increase storage costs. Review your compliance requirements before adjusting retention.
Log Stream vs. Log Group: At a Glance
| Concept | Definition | Key Use Cases |
|---|---|---|
| Log Stream | Timestamped sequence of events from a single source | Troubleshooting individual instances or components |
| Log Group | Container for multiple streams with shared settings | Centralized management, retention, and monitoring |
Next Steps
In upcoming lessons, we’ll explore how to:- Define and parse log events in CloudWatch Logs
- Create metric filters to extract actionable insights
- Integrate AWS CloudWatch Logs with CloudWatch Alarms