Ingest, search, and analyze your CloudWatch logs with OpenSearch, Athena, and pre-built dashboards. Runs entirely in your AWS account — no data leaves your VPC.
View on AWS Marketplace → Learn MoreDeploy a production-ready log processing pipeline via CloudFormation. Two stacks, 15 minutes, fully configured.
CloudWatch → Firehose → S3 with configurable buffering and GZIP compression.
Full-text search with pre-built dashboards, index patterns, and ISM retention policies.
Query logs with SQL via partition-projected Glue tables — no crawlers needed.You manage access to the datalake through IAM policies.
Regex-based log group matching with per-stream routing to different indexes. Subscription management enhanced with queriable user providedmetadata name/value pairs.
Manage subscriptions via JSON, CSV, or XML — update from S3 without redeploying. Rollback with built-in versioning.
ALB + Cognito + Nginx proxy for secure OpenSearch Dashboards access.
Pre-built dashboard with Lambda, SQS, Firehose, OpenSearch, and per-index metrics.
Lambda errors, DLQ depth, Firehose freshness, OpenSearch health — all with SNS email.
Runs in isolated subnets with VPC endpoints — no internet egress. FedRAMP/HIPAA ready.
Find Log Processor on AWS Marketplace and subscribe.
Deploy the CloudFormation stack with your resource prefix and certificate ARN.
Wait 15 minutes for OpenSearch, then deploy the config stack.
Configure subscriptions and start searching your logs.
Software fee only. AWS infrastructure costs are billed directly by AWS to your account.
No. Everything runs inside your VPC. Logs flow from CloudWatch → Firehose → S3 → Lambda → OpenSearch, all within your account.
Yes. Disable OpenSearch and use the datalake-only mode with Athena for SQL queries at a fraction of the cost (~$29/mo fixed).
Update the subscriptions file (JSON, CSV, or XML) in S3. The Lambda picks up changes automatically — no redeployment needed.
Your data remains in S3 and OpenSearch. Delete the CloudFormation stacks when ready. Snapshot buckets can be retained for disaster recovery.
Yes. Each index type (app, audit, or custom) has independent retention policies in both OpenSearch and the S3 datalake.
The default deployment uses isolated VPC subnets with no internet egress, KMS encryption, and secure transport enforcement — meeting the network isolation requirements for compliance frameworks.
Included with all subscriptions: documentation, bug fixes, security patches, and email support.
Support: support@perfware.cloud
Professional services: consulting@perfware.cloud
Initial setup • Custom integration • Managed service