Log Forwarding in AEM as a Cloud Service – Splunk vs S3

Adobe Experience Manager (AEM) as a Cloud Service allows you to forward system and application logs to external destinations. This feature is called Log Forwarding, and it helps teams monitor, analyze, and store logs outside AEM.

Why Log Forwarding?

Log forwarding lets you centralize logs from AEM environments like dev, stage, and prod into your preferred logging platform. You can use tools like Splunk for live analytics or Amazon S3 for long-term storage and compliance.

1. Forwarding Logs to Splunk

To send AEM logs to Splunk, configure your log-forwarding.yaml file with Splunk details such as the host, port, and access token.

kind: "LogForwarding"
version: "1"
metadata:
  envTypes: ["stage", "prod"]
data:
  splunk:
    default:
      enabled: true
      host: "collector.xyz.com"
      port: 6580
      token: ${{YOUR_SPLUNK_TOKEN}}
      index: "aemaacs"
    aem:
      advancedNetworking: true

How it works:

• Logs from AEM Author and Publish instances are forwarded to your Splunk collector.
• The token provides authentication to the Splunk endpoint.
• advancedNetworking allows secure data transfer within Adobe’s managed network setup.

When to use: Choose Splunk if you want real-time log monitoring, dashboards, and alerting.

2. Forwarding Logs to Amazon S3

If you need to store logs for auditing or long-term retention, you can forward them to an S3 bucket. Here’s an example configuration:

kind: "LogForwarding"
version: "1"
metadata:
    envTypes: ["dev", "stage", "prod"]
data:
    awsS3:
        default:
            enabled: true
            region: "us-east-1"
            bucket: "YOUR_BIT_BUCKET"
            accessKey: "${{YOUR_AWS_S3_LOG_FORWARD_ACCESS_KEY}}"
            secretAccessKey: "${{YOUR_AWS_S3_LOG_FORWARD_ACCESS_SECRET_KEY}}"
        aem:
            advancedNetworking: true

How it works:

• Logs are written to your specified S3 bucket in the given AWS region.
• Access keys authenticate the upload process securely.
• Useful for cost-effective, long-term log retention and analysis using AWS tools like Athena or CloudWatch.

When to use: Choose S3 if you want to store logs for future analysis or compliance without needing real-time dashboards.

Splunk vs S3 – Quick Comparison

Feature	Splunk	Amazon S3
Use Case	Real-time log analysis and alerting	Long-term storage and auditing
Integration	Requires Splunk collector endpoint	Requires AWS S3 bucket and credentials
Access	Search and dashboard in Splunk UI	Access logs from S3 console or via AWS tools
Best For	Monitoring, operations, DevOps teams	Compliance, audit, and archival needs

Best Practices

• Always store access tokens and keys as environment secrets in Cloud Manager.
• Limit log forwarding only to necessary environments to manage cost and data flow.
• Use advancedNetworking for secure connections when available.
• Test log forwarding in the dev environment before enabling in production.

With AEM’s log forwarding flexibility, you can integrate your cloud logs easily into enterprise monitoring systems or cloud storage platforms depending on your operational needs.