Creating a log group in Amazon CloudWatch Logs to retrieve logs in QRadar
You must create a log group in Amazon CloudWatch Logs to make the log available for QRadar® polling.
- Log in to your CloudWatch console (https://console.aws.amazon.com/cloudwatch).
- Select Logs from left navigation pane.
- Click .
- Type the name of your log group. For example, CloudTrailAuditLogs.
Click Create log group.
For more information about working with log groups and log streams, see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html