Creating a log group in Amazon CloudWatch Logs to retrieve logs in QRadar

You must create a log group in Amazon CloudWatch Logs to make the logs available for QRadar polling.

Procedure

  1. Log in to your CloudWatch console (https://console.aws.amazon.com/cloudwatch).
  2. Select Logs from the left navigation pane.
  3. Click Actions > Create Log Group.
  4. Type the name of your log group. For example, CloudTrailAuditLogs.
  5. Click Create log group.

For more information about working with log groups and log streams, see https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Working-with-log-groups-and-streams.html
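The same procedure can be scripted with the AWS CLI. The following is an added example, not part of the original documentation: it checks the name against the CloudWatch Logs naming rules, creates the log group only if it does not already exist, and confirms it is present afterwards. It assumes the AWS CLI is installed with credentials permitted to call `logs:CreateLogGroup` and `logs:DescribeLogGroups`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console procedure above.
# Assumption: the AWS CLI is installed and configured with credentials
# allowed to call logs:CreateLogGroup and logs:DescribeLogGroups.

# Return 0 if the name meets the CloudWatch Logs naming rules:
# 1-512 characters drawn from a-z A-Z 0-9 _ - / . #
valid_log_group_name() {
  name="$1"
  [ "${#name}" -ge 1 ] && [ "${#name}" -le 512 ] || return 1
  case "$name" in
    *[!A-Za-z0-9_/.#-]*) return 1 ;;
  esac
  return 0
}

# Return 0 only if a log group with exactly this name exists
# (the API matches on prefix, so the query filters for an exact match).
log_group_exists() {
  found=$(aws logs describe-log-groups \
            --log-group-name-prefix "$1" \
            --query "logGroups[?logGroupName=='$1'].logGroupName" \
            --output text) || return 2
  [ "$found" = "$1" ]
}

# Create the log group unless it is already present, then verify it.
ensure_log_group() {
  if ! valid_log_group_name "$1"; then
    echo "invalid log group name: $1" >&2
    return 64
  fi
  if log_group_exists "$1"; then
    echo "exists: $1"
    return 0
  fi
  aws logs create-log-group --log-group-name "$1" || return 1
  log_group_exists "$1" && echo "created: $1"
}

# When run as a script with an argument, e.g.  ./script.sh CloudTrailAuditLogs
if [ "$#" -gt 0 ]; then
  ensure_log_group "$1"
fi
```
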