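[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-aws-logging-opensearch-s3-centralized-platform-zh":3,"article-related-aws-logging-opensearch-s3-centralized-platform-zh":31,"series-industry-5ff3a2f2-8b5a-469d-94bd-4a03af33e2c6":76},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":23,"views":27,"created_at":28,"published_at":29,"topic_cluster_id":30},"5ff3a2f2-8b5a-469d-94bd-4a03af33e2c6","aws-logging-opensearch-s3-centralized-platform-zh","AWS logs should be split between OpenSearch and S3, not forced into a single platform","\u003Cp data-speakable=\"summary\">The best approach to \u003Ca href=\"\u002Ftag\u002Faws\">AWS\u003C\u002Fa> logging is to use OpenSearch for real-time search and S3 for long-term retention, rather than cramming every requirement into one system.\u003C\u002Fp>\u003Cp>Centralized logging on AWS should be split into two paths: OpenSearch handles hot queries and S3 handles archiving. Forcing the two into one only drives cost up first and then drags availability down.\u003C\u002Fp>\u003Cp>This is not an abstract claim. The Anblicks architecture uses Fluent Bit on EKS to ship logs in parallel: one path goes to Amazon OpenSearch for real-time troubleshooting, the other goes to Amazon S3 for long-term retention, and historical queries are handed to Athena. The design matches what incidents actually demand: during an outage, engineers need search that returns in seconds; after the incident, audit, forensics, and trend analysis need low-cost retention. Put both jobs in the same storage tier and the logging system quickly \u003Ca href=\"\u002Fnews\u002Fdcs-market-forecast-plant-control-growth-zh\">becomes\u003C\u002Fa> a cost problem first and an observability problem second.\u003C\u002Fp>\u003Ch2>First argument: hot logs and cold logs were never the same kind of work\u003C\u002Fh2>\u003Cp>OpenSearch's strength is speed, not permanent storage. When production misbehaves, what matters is being able to search recent logs immediately, filter by service, and correlate events. Anblicks puts OpenSearch on the real-time path with OpenSearch Dashboards as the front end precisely because troubleshooting needs low-latency reads, not an index of every log line from the past two years.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782896578775-vho8.png\" alt=\"AWS logs should be split between OpenSearch and S3, not forced into a single platform\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>S3 is the opposite: it is cheap, durable, and suited to retention at scale. Continuously archiving AWS logs to S3 is the right approach, because log volume usually grows much faster than teams expect. If all data stays in OpenSearch, cost rises from three directions at once: shards, storage, and cluster operations. The split architecture keeps the expensive search index small and fast and puts historical data in low-cost storage, which is what makes the design sustainable.\u003C\u002Fp>\u003Ch2>Second argument: Fluent 
Bit makes the split an operable solution\u003C\u002Fh2>\u003Cp>The strongest part of this architecture is that Fluent Bit can ship to two destinations at once without \u003Ca href=\"\u002Fnews\u002Fmeta-opens-astryx-agent-readable-ui-work-zh\">turning\u003C\u002Fa> the collector itself into a bottleneck. In the article, Fluent Bit runs on EKS as a DaemonSet, which means every node has a lightweight collector close to the workload. That matters, because one of the most common reasons centralized logging fails is a collector that is too heavy and starts competing with the application for resources. Fluent Bit is small enough to go almost unnoticed, yet flexible enough to send the same stream to both OpenSearch and S3.\u003C\u002Fp>\u003Cp>Dual writing is what turns the architecture into an operational capability. The team does not have to choose between \"real-time visibility\" and \"long-term retention\"; the pipeline itself delivers both. When the security team needs to go back and investigate last month's login spike, Athena can query the S3 archive directly; when SREs are chasing a surge of 5xx errors, OpenSearch has already indexed the data and can be searched immediately. The platform works not because it is minimal, but because each layer does only what it does best.\u003C\u002Fp>\u003Ch2>What the other side might say\u003C\u002Fh2>\u003Cp>The strongest objection is that splitting logs increases the number of moving parts. OpenSearch, S3, Athena, Glue, SNS, Fluent Bit: the whole set looks far more complex than a single observability platform. For a small team, a cloud product that bundles ingestion, search, retention, dashboards, and alerting really does look like the \"one fewer \u003Ca href=\"\u002Fnews\u002Fkawa-useful-release-sovereign-ai-control-not-novelty-zh\">control\u003C\u002Fa> plane, one fewer bill\" answer. The argument is real, because when the team is small and incident volume is low, operational simplicity is itself valuable.\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782896574885-9pj9.png\" alt=\"AWS logs should be split between OpenSearch and S3, not forced into a single platform\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>The other objection is cost and operations. Open source plus AWS does not mean free; it means someone has to manage retention policy, index lifecycle, query patterns, compression, partitioning, and alerting rules. If the team cannot tune these details well, the architecture can go from \"under control\" to \"noisy and expensive\".\u003C\u002Fp>\u003Cp>But this counterargument holds under only one premise: that you treat logs as a dashboard feature rather than as operational infrastructure. If the goal is to support production over the long term, the split is not excess complexity but necessary complexity. Only by separating low-latency search from low-cost retention can you preserve both availability and cost control. For a very small team, a single platform is acceptable; but once you are already running EKS, EC2, Lambda, and load balancers, this division of labor is the right answer.\u003C\u002Fp>\u003Ch2>What you can do\u003C\u002Fh2>\u003Cp>If you are an engineer, start by designing the pipeline around log age and query purpose: the most recent, most frequently queried logs go to OpenSearch, all raw data is archived to S3, and historical analysis goes to Athena. If you are a PM or founder, manage logging as an infrastructure budget and a retention policy, not as a pretty dashboard. Design for today's incident, and also for the audit six months from now.\u003C\u002Fp>","The best approach to centralized logging on AWS is to let OpenSearch handle real-time search and let S3 
handle long-term retention; dividing the work between the two is more practical and cheaper than a single platform.","www.anblicks.com","https:\u002F\u002Fwww.anblicks.com\u002Fblog\u002Fbuilding-a-centralized-logging-platform-on-aws-using-fluent-bit-opensearch-and-s3\u002F",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782896578775-vho8.png","industry","zh","e9f60ab8-463b-47c5-a7b7-df6c8f44ae92",[17,18,19,20,21,22],"AWS","OpenSearch","S3","Fluent Bit","centralized logging","observability architecture",[24,25,26],"OpenSearch suits real-time search and S3 suits long-term retention; dividing the work between them makes more sense than a single platform.","Fluent Bit can send logs to OpenSearch and S3 at the same time, so the architecture serves both troubleshooting and archiving.","For teams already running cloud-native workloads, split logging is the sustainable default.",0,"2026-07-01T09:02:21.388238+00:00","2026-07-01T09:02:21.373+00:00","f2c5fdb9-8e47-498a-ad3d-1e7ab235a0c4",{"tags":32,"relatedLang":35,"relatedPosts":39},[33],{"name":17,"slug":34},"aws",{"id":15,"slug":36,"title":37,"language":38},"aws-logging-opensearch-s3-centralized-platform-en","AWS logging should be split between OpenSearch and S3","en",[40,46,52,58,64,70],{"id":41,"slug":42,"title":43,"cover_image":44,"image_url":44,"created_at":45,"category":13},"78862c57-6d3f-4761-89ce-20f3f86246bf","bootdev-go-course-turns-syntax-into-services-zh","Boot.dev's Go course takes syntax to the service layer","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782908273465-j8m0.png","2026-07-01T12:17:22.638822+00:00",{"id":47,"slug":48,"title":49,"cover_image":50,"image_url":50,"created_at":51,"category":13},"d4c48f57-3c66-4f40-9b06-76ceec529b87","suse-openchip-risc-v-eu-sovereign-stack-zh","SUSE and Openchip turn RISC-V into an EU stack","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782907403535-s085.png","2026-07-01T12:02:56.092615+00:00",{"id":53,"slug":54,"title":55,"cover_image":56,"image_url":56,"created_at":57,"category":13},"9e53719f-5134-4bf1-8fe2-6471ee921eb5","risc-v-hobbyists-open-hardware-obsession-zh","RISC-V 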
hobbyists prove it: open hardware still rewards obsessive engineering","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782906469131-qew3.png","2026-07-01T11:47:21.427953+00:00",{"id":59,"slug":60,"title":61,"cover_image":62,"image_url":62,"created_at":63,"category":13},"a0b99632-c8ec-4590-8549-4f9cbbb48b88","microsoft-build-2026-securing-code-agents-models-zh","Microsoft Build 2026: rein in AI first, then talk about acceleration","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782903772745-9sqj.png","2026-07-01T11:02:29.280907+00:00",{"id":65,"slug":66,"title":67,"cover_image":68,"image_url":68,"created_at":69,"category":13},"376489b6-f1cf-4e51-94fe-1d6eec955594","5-details-pentagon-agent-network-ai-battle-decisions-zh","5 details for understanding the Pentagon's Agent Network","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782902869112-j6ty.png","2026-07-01T10:47:21.956845+00:00",{"id":71,"slug":72,"title":73,"cover_image":74,"image_url":74,"created_at":75,"category":13},"3fa754ae-c223-4e32-b8ed-f1f922ab60a4","codex-openai-coding-agent-real-work-zh","Codex's 5 key modules: look at the use case first, then pick the entry point","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1782900170879-xfdo.png","2026-07-01T10:02:22.517262+00:00",[77,82,87,92,97,102,107,112,117,122],{"id":78,"slug":79,"title":80,"created_at":81},"ee073da7-28b3-4752-a319-5a501459fb87","ai-in-2026-what-actually-matters-now-zh","What really matters in AI in 2026","2026-03-26T07:09:12.008134+00:00",{"id":83,"slug":84,"title":85,"created_at":86},"83bd1795-8548-44c9-9a7e-de50a0923f71","trump-ai-framework-power-speech-state-preemption-zh","Trump's AI framework targets power, speech, and states' rights","2026-03-26T07:12:18.695466+00:00",{"id":88,"slug":89,"title":90,"created_at":91},"ea6be18b-c903-4e54-97b7-5f7447a612e0","nvidia-gtc-2026-big-ai-announcements-zh","NVIDIA GTC 2026 
highlights breakdown","2026-03-26T07:14:26.62638+00:00",{"id":93,"slug":94,"title":95,"created_at":96},"4bcec76f-4c36-4daa-909f-54cd702f7c93","claude-users-spreading-out-and-getting-better-zh","Claude users are more spread out, and more skilled","2026-03-26T07:22:52.325888+00:00",{"id":98,"slug":99,"title":100,"created_at":101},"bd903b15-2473-4178-9789-b7557816e535","openclaw-raises-hard-question-for-ai-models-zh","OpenClaw presses the question of AI model value","2026-03-26T07:24:54.707486+00:00",{"id":103,"slug":104,"title":105,"created_at":106},"eeac6b9e-ad9d-4831-8eec-8bba3f9bca6a","gap-google-gemini-checkout-fashion-search-zh","Gap moves checkout into Gemini","2026-03-26T07:28:23.937768+00:00",{"id":108,"slug":109,"title":110,"created_at":111},"0740e53f-605d-4d57-8601-c10beb126f3c","google-pushes-gemini-transition-to-march-2026-zh","Google delays the Gemini transition to 2026, 3…","2026-03-26T07:30:12.825269+00:00",{"id":113,"slug":114,"title":115,"created_at":116},"e660d801-2421-4529-8fa9-86b82b066990","metas-llama-4-benchmark-scandal-gets-worse-zh","Meta's Llama 4 benchmark controversy widens again","2026-03-26T07:34:21.156421+00:00",{"id":118,"slug":119,"title":120,"created_at":121},"183f9e7c-e143-40bb-a6d5-67ba84a3a8bc","accenture-mistral-ai-sovereign-enterprise-deal-zh","Accenture teams up with Mistral AI to sell sovereign AI","2026-03-26T07:38:14.818906+00:00",{"id":123,"slug":124,"title":125,"created_at":126},"191d9b1b-768a-478c-978c-dd7431a38149","mistral-ai-faces-its-hardest-year-yet-zh","Mistral AI faces its toughest year","2026-03-26T07:40:23.716374+00:00"]