Q13 — AWS SCS-C02 Ch.1

A company wants to create a log analytics solution for logs generated from its on-premises devices. The logs are collected from the devices onto a server on premises. The company wants to use AWS services to perform near real-time log analysis. The company also wants to store these logs for 365 days for pattern matching and substring search capabilities later. Which solution will meet these requirements with the LEAST development overhead?

Correct Answer: C. Install Amazon Kinesis Agent on the on-premises server to send the logs to Amazon Kinesis Data Firehose. Configure Amazon Managed Service for Apache Flink (previously known as Amazon Kinesis Data Analytics) as the destination for real-time processing. Store the logs in Amazon OpenSearch Service for pattern matching and substring search. Configure an OpenSearch Service Index State Management (ISM) policy to delete the data after 365 days.

Explanation

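In AWS service integration solutions, real-time streaming data processing typically combines components such as Kinesis, Lambda, and Managed Flink. Amazon OpenSearch Service (formerly Elasticsearch) provides full-text search and complex queries (such as regular expressions), which suits log analysis scenarios. According to AWS architecture best practices, Kinesis Data Firehose can persist streaming data directly to S3, Redshift, or OpenSearch without custom transformation code. Index State Management (ISM) supports automatic, time-based deletion of old data, replacing manual maintenance. Option C combines managed services to deliver end-to-end log collection, real-time processing, and long-term storage. The other solutions carry higher development complexity in the storage layer (DynamoDB is not suited to complex queries), in analytics capability (MSK requires you to handle stream computation yourself), or in the data archiving mechanism (Athena requires additional ETL). See the AWS whitepaper "Analyzing Log Data" and the service documentation on OpenSearch text analysis features.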