aws-sdk-cloudwatchlogs 1.102.0 → 1.104.0

data/lib/aws-sdk-cloudwatchlogs/types.rb

@@ -43,8 +43,7 @@ module Aws::CloudWatchLogs
     #   @return [String]
     #
     # @!attribute [rw] selection_criteria
-    #   The log group selection criteria for this subscription filter
-    #   policy.
+    #   The log group selection criteria that is used for this policy.
     #   @return [String]
     #
     # @!attribute [rw] account_id
@@ -65,6 +64,58 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This object defines one key that will be added with the [ addKeys][1]
+    # processor.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-addKey
+    #
+    # @!attribute [rw] key
+    #   The key of the new entry to be added to the log event
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The value of the new entry to be added to the log event
+    #   @return [String]
+    #
+    # @!attribute [rw] overwrite_if_exists
+    #   Specifies whether to overwrite the value if the key already exists
+    #   in the log event. If you omit this, the default is `false`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/AddKeyEntry AWS API Documentation
+    #
+    class AddKeyEntry < Struct.new(
+      :key,
+      :value,
+      :overwrite_if_exists)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This processor adds new key-value pairs to the log event.
+    #
+    # For more information about this processor including examples, see [
+    # addKeys][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-addKeys
+    #
+    # @!attribute [rw] entries
+    #   An array of objects, where each object contains the information
+    #   about one key to add to the log event.
+    #   @return [Array<Types::AddKeyEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/AddKeys AWS API Documentation
+    #
+    class AddKeys < Struct.new(
+      :entries)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # This structure represents one anomaly that has been found by a logs
     # anomaly detector.
     #
@@ -339,6 +390,53 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # The `CSV` processor parses comma-separated values (CSV) from the log
+    # events into columns.
+    #
+    # For more information about this processor including examples, see [
+    # csv][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-csv
+    #
+    # @!attribute [rw] quote_character
+    #   The character used used as a text qualifier for a single column of
+    #   data. If you omit this, the double quotation mark `"` character is
+    #   used.
+    #   @return [String]
+    #
+    # @!attribute [rw] delimiter
+    #   The character used to separate each column in the original
+    #   comma-separated value log event. If you omit this, the processor
+    #   looks for the comma `,` character as the delimiter.
+    #   @return [String]
+    #
+    # @!attribute [rw] columns
+    #   An array of names to use for the columns in the transformed log
+    #   event.
+    #
+    #   If you omit this, default column names (`[column_1, column_2 ...]`)
+    #   are used.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] source
+    #   The path to the field in the log event that has the comma separated
+    #   values to be parsed. If you omit this value, the whole log message
+    #   is processed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CSV AWS API Documentation
+    #
+    class CSV < Struct.new(
+      :quote_character,
+      :delimiter,
+      :columns,
+      :source)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] task_id
     #   The ID of the export task.
     #   @return [String]
@@ -498,6 +596,61 @@ module Aws::CloudWatchLogs
     #
     class ConflictException < Aws::EmptyStructure; end
 
+    # This processor copies values within a log event. You can also use this
+    # processor to add metadata to log events by copying the values of the
+    # following metadata keys into the log events: `@logGroupName`,
+    # `@logGroupStream`, `@accountId`, `@regionName`.
+    #
+    # For more information about this processor including examples, see [
+    # copyValue][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-copyValue
+    #
+    # @!attribute [rw] entries
+    #   An array of `CopyValueEntry` objects, where each object contains the
+    #   information about one field value to copy.
+    #   @return [Array<Types::CopyValueEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CopyValue AWS API Documentation
+    #
+    class CopyValue < Struct.new(
+      :entries)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This object defines one value to be copied with the [ copyValue][1]
+    # processor.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-copoyValue
+    #
+    # @!attribute [rw] source
+    #   The key to copy.
+    #   @return [String]
+    #
+    # @!attribute [rw] target
+    #   The key of the field to copy the value to.
+    #   @return [String]
+    #
+    # @!attribute [rw] overwrite_if_exists
+    #   Specifies whether to overwrite the value if the destination key
+    #   already exists. If you omit this, the default is `false`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/CopyValueEntry AWS API Documentation
+    #
+    class CopyValueEntry < Struct.new(
+      :source,
+      :target,
+      :overwrite_if_exists)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] delivery_source_name
     #   The name of the delivery source to use for this delivery.
     #   @return [String]
@@ -815,6 +968,65 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This processor converts a datetime string into a format that you
+    # specify.
+    #
+    # For more information about this processor including examples, see [
+    # datetimeConverter][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-datetimeConverter
+    #
+    # @!attribute [rw] source
+    #   The key to apply the date conversion to.
+    #   @return [String]
+    #
+    # @!attribute [rw] target
+    #   The JSON field to store the result in.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_format
+    #   The datetime format to use for the converted data in the target
+    #   field.
+    #
+    #   If you omit this, the default of ` yyyy-MM-dd'T'HH:mm:ss.SSS'Z` is
+    #   used.
+    #   @return [String]
+    #
+    # @!attribute [rw] match_patterns
+    #   A list of patterns to match against the `source` field.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] source_timezone
+    #   The time zone of the source field. If you omit this, the default
+    #   used is the UTC zone.
+    #   @return [String]
+    #
+    # @!attribute [rw] target_timezone
+    #   The time zone of the target field. If you omit this, the default
+    #   used is the UTC zone.
+    #   @return [String]
+    #
+    # @!attribute [rw] locale
+    #   The locale of the source field. If you omit this, the default of
+    #   `locale.ROOT` is used.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DateTimeConverter AWS API Documentation
+    #
+    class DateTimeConverter < Struct.new(
+      :source,
+      :target,
+      :target_format,
+      :match_patterns,
+      :source_timezone,
+      :target_timezone,
+      :locale)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] policy_name
     #   The name of the policy to delete.
     #   @return [String]
@@ -917,6 +1129,74 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] log_group_identifier
+    #   The log group to delete the index policy for. You can specify either
+    #   the name or the ARN of the log group.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteIndexPolicyRequest AWS API Documentation
+    #
+    class DeleteIndexPolicyRequest < Struct.new(
+      :log_group_identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteIndexPolicyResponse AWS API Documentation
+    #
+    class DeleteIndexPolicyResponse < Aws::EmptyStructure; end
+
+    # @!attribute [rw] integration_name
+    #   The name of the integration to delete. To find the name of your
+    #   integration, use [ListIntegrations][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListIntegrations.html
+    #   @return [String]
+    #
+    # @!attribute [rw] force
+    #   Specify `true` to force the deletion of the integration even if
+    #   vended logs dashboards currently exist.
+    #
+    #   The default is `false`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteIntegrationRequest AWS API Documentation
+    #
+    class DeleteIntegrationRequest < Struct.new(
+      :integration_name,
+      :force)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteIntegrationResponse AWS API Documentation
+    #
+    class DeleteIntegrationResponse < Aws::EmptyStructure; end
+
+    # This processor deletes entries from a log event. These entries are
+    # key-value pairs.
+    #
+    # For more information about this processor including examples, see [
+    # deleteKeys][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-deleteKeys
+    #
+    # @!attribute [rw] with_keys
+    #   The list of keys to delete.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteKeys AWS API Documentation
+    #
+    class DeleteKeys < Struct.new(
+      :with_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] anomaly_detector_arn
     #   The ARN of the anomaly detector to delete. You can find the ARNs of
     #   log anomaly detectors in your account by using the
@@ -1053,6 +1333,20 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] log_group_identifier
+    #   Specify either the name or ARN of the log group to delete the
+    #   transformer for. If the log group is in a source account and you are
+    #   using a monitoring account, you must use the log group ARN.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteTransformerRequest AWS API Documentation
+    #
+    class DeleteTransformerRequest < Struct.new(
+      :log_group_identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # This structure contains information about one *delivery* in your
     # account.
     #
@@ -1325,12 +1619,18 @@ module Aws::CloudWatchLogs
     #   is returned.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. (You received this
+    #   token from a previous call.)
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPoliciesRequest AWS API Documentation
     #
     class DescribeAccountPoliciesRequest < Struct.new(
       :policy_type,
       :policy_name,
-      :account_identifiers)
+      :account_identifiers,
+      :next_token)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1340,10 +1640,16 @@ module Aws::CloudWatchLogs
     #   Logs account policies that match the specified filters.
     #   @return [Array<Types::AccountPolicy>]
     #
+    # @!attribute [rw] next_token
+    #   The token to use when requesting the next set of items. The token
+    #   expires after 24 hours.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPoliciesResponse AWS API Documentation
     #
     class DescribeAccountPoliciesResponse < Struct.new(
-      :account_policies)
+      :account_policies,
+      :next_token)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1620,6 +1926,80 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] log_group_identifiers
+    #   An array containing the names or ARNs of the log groups that you
+    #   want to retrieve field indexes for.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeFieldIndexesRequest AWS API Documentation
+    #
+    class DescribeFieldIndexesRequest < Struct.new(
+      :log_group_identifiers,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] field_indexes
+    #   An array containing the field index information.
+    #   @return [Array<Types::FieldIndex>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeFieldIndexesResponse AWS API Documentation
+    #
+    class DescribeFieldIndexesResponse < Struct.new(
+      :field_indexes,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] log_group_identifiers
+    #   An array containing the name or ARN of the log group that you want
+    #   to retrieve field index policies for.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeIndexPoliciesRequest AWS API Documentation
+    #
+    class DescribeIndexPoliciesRequest < Struct.new(
+      :log_group_identifiers,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] index_policies
+    #   An array containing the field index policies.
+    #   @return [Array<Types::IndexPolicy>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeIndexPoliciesResponse AWS API Documentation
+    #
+    class DescribeIndexPoliciesResponse < Struct.new(
+      :index_policies,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] account_identifiers
     #   When `includeLinkedAccounts` is set to `True`, use this parameter to
     #   specify the list of accounts to search. You can specify as many as
@@ -1898,13 +2278,19 @@ module Aws::CloudWatchLogs
     #   after 24 hours.
     #   @return [String]
     #
+    # @!attribute [rw] query_language
+    #   Limits the returned queries to only the queries that use the
+    #   specified query language.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueriesRequest AWS API Documentation
     #
     class DescribeQueriesRequest < Struct.new(
       :log_group_name,
       :status,
       :max_results,
-      :next_token)
+      :next_token,
+      :query_language)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1927,6 +2313,16 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] query_language
+    #   The query language used for this query. For more information about
+    #   the query languages that CloudWatch Logs supports, see [Supported
+    #   query languages][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_Languages.html
+    #   @return [String]
+    #
     # @!attribute [rw] query_definition_name_prefix
     #   Use this parameter to filter your results to only the query
     #   definitions that have names that start with the prefix you specify.
@@ -1945,6 +2341,7 @@ module Aws::CloudWatchLogs
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeQueryDefinitionsRequest AWS API Documentation
     #
     class DescribeQueryDefinitionsRequest < Struct.new(
+      :query_language,
       :query_definition_name_prefix,
       :max_results,
       :next_token)
@@ -2145,14 +2542,34 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
-    # Reserved for internal use.
+    # The entity associated with the log events in a `PutLogEvents` call.
     #
     # @!attribute [rw] key_attributes
-    #   Reserved for internal use.
+    #   The attributes of the entity which identify the specific entity, as
+    #   a list of key-value pairs. Entities with the same `keyAttributes`
+    #   are considered to be the same entity.
+    #
+    #   There are five allowed attributes (key names): `Type`,
+    #   `ResourceType`, `Identifier` `Name`, and `Environment`.
+    #
+    #   For details about how to use the key attributes, see [How to add
+    #   related information to telemetry][1] in the *CloudWatch User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/adding-your-own-related-telemetry.html
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] attributes
-    #   Reserved for internal use.
+    #   Additional attributes of the entity that are not used to specify the
+    #   identity of the entity. A list of key-value pairs.
+    #
+    #   For details about how to use the attributes, see [How to add related
+    #   information to telemetry][1] in the *CloudWatch User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/adding-your-own-related-telemetry.html
     #   @return [Hash<String,String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/Entity AWS API Documentation
@@ -2263,6 +2680,46 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This structure describes one log event field that is used as an index
+    # in at least one index policy in this account.
+    #
+    # @!attribute [rw] log_group_identifier
+    #   If this field index appears in an index policy that applies only to
+    #   a single log group, the ARN of that log group is displayed here.
+    #   @return [String]
+    #
+    # @!attribute [rw] field_index_name
+    #   The string that this field index matches.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_scan_time
+    #   The most recent time that CloudWatch Logs scanned ingested log
+    #   events to search for this field index to improve the speed of future
+    #   CloudWatch Logs Insights queries that search for this field index.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] first_event_time
+    #   The time and date of the earliest log event that matches this field
+    #   index, after the index policy that contains it was created.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] last_event_time
+    #   The time and date of the most recent log event that matches this
+    #   field index.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FieldIndex AWS API Documentation
+    #
+    class FieldIndex < Struct.new(
+      :log_group_identifier,
+      :field_index_name,
+      :last_scan_time,
+      :first_event_time,
+      :last_event_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] log_group_name
     #   The name of the log group to search.
     #
@@ -2566,17 +3023,65 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
-    # @!attribute [rw] anomaly_detector_arn
-    #   The ARN of the anomaly detector to retrieve information about. You
-    #   can find the ARNs of log anomaly detectors in your account by using
-    #   the [ListLogAnomalyDetectors][1] operation.
+    # @!attribute [rw] integration_name
+    #   The name of the integration that you want to find information about.
+    #   To find the name of your integration, use [ListIntegrations][1]
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogAnomalyDetectors.html
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListIntegrations.html
     #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogAnomalyDetectorRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetIntegrationRequest AWS API Documentation
+    #
+    class GetIntegrationRequest < Struct.new(
+      :integration_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] integration_name
+    #   The name of the integration.
+    #   @return [String]
+    #
+    # @!attribute [rw] integration_type
+    #   The type of integration. Integrations with OpenSearch Service have
+    #   the type `OPENSEARCH`.
+    #   @return [String]
+    #
+    # @!attribute [rw] integration_status
+    #   The current status of this integration.
+    #   @return [String]
+    #
+    # @!attribute [rw] integration_details
+    #   A structure that contains information about the integration
+    #   configuration. For an integration with OpenSearch Service, this
+    #   includes information about OpenSearch Service resources such as the
+    #   collection, the workspace, and policies.
+    #   @return [Types::IntegrationDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetIntegrationResponse AWS API Documentation
+    #
+    class GetIntegrationResponse < Struct.new(
+      :integration_name,
+      :integration_type,
+      :integration_status,
+      :integration_details)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] anomaly_detector_arn
+    #   The ARN of the anomaly detector to retrieve information about. You
+    #   can find the ARNs of log anomaly detectors in your account by using
+    #   the [ListLogAnomalyDetectors][1] operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListLogAnomalyDetectors.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogAnomalyDetectorRequest AWS API Documentation
     #
     class GetLogAnomalyDetectorRequest < Struct.new(
       :anomaly_detector_arn)
@@ -2865,6 +3370,16 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] query_language
+    #   The query language used for this query. For more information about
+    #   the query languages that CloudWatch Logs supports, see [Supported
+    #   query languages][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_Languages.html
+    #   @return [String]
+    #
     # @!attribute [rw] results
     #   The log events that matched the query criteria during the most
     #   recent time it ran.
@@ -2905,6 +3420,7 @@ module Aws::CloudWatchLogs
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetQueryResultsResponse AWS API Documentation
     #
     class GetQueryResultsResponse < Struct.new(
+      :query_language,
       :results,
       :statistics,
       :status,
@@ -2913,6 +3429,124 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] log_group_identifier
+    #   Specify either the name or ARN of the log group to return
+    #   transformer information for. If the log group is in a source account
+    #   and you are using a monitoring account, you must use the log group
+    #   ARN.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetTransformerRequest AWS API Documentation
+    #
+    class GetTransformerRequest < Struct.new(
+      :log_group_identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] log_group_identifier
+    #   The ARN of the log group that you specified in your request.
+    #   @return [String]
+    #
+    # @!attribute [rw] creation_time
+    #   The creation time of the transformer, expressed as the number of
+    #   milliseconds after Jan 1, 1970 00:00:00 UTC.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] last_modified_time
+    #   The date and time when this transformer was most recently modified,
+    #   expressed as the number of milliseconds after Jan 1, 1970 00:00:00
+    #   UTC.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] transformer_config
+    #   This sructure contains the configuration of the requested
+    #   transformer.
+    #   @return [Array<Types::Processor>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetTransformerResponse AWS API Documentation
+    #
+    class GetTransformerResponse < Struct.new(
+      :log_group_identifier,
+      :creation_time,
+      :last_modified_time,
+      :transformer_config)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This processor uses pattern matching to parse and structure
+    # unstructured data. This processor can also extract fields from log
+    # messages.
+    #
+    # For more information about this processor including examples, see [
+    # grok][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Grok
+    #
+    # @!attribute [rw] source
+    #   The path to the field in the log event that you want to parse. If
+    #   you omit this value, the whole log message is parsed.
+    #   @return [String]
+    #
+    # @!attribute [rw] match
+    #   The grok pattern to match against the log event. For a list of
+    #   supported grok patterns, see [Supported grok patterns][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#Grok-Patterns
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/Grok AWS API Documentation
+    #
+    class Grok < Struct.new(
+      :source,
+      :match)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about one field index policy in
+    # this account.
+    #
+    # @!attribute [rw] log_group_identifier
+    #   The ARN of the log group that this index policy applies to.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_update_time
+    #   The date and time that this index policy was most recently updated.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] policy_document
+    #   The policy document for this index policy, in JSON format.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_name
+    #   The name of this policy. Responses about log group-level field index
+    #   policies don't have this field, because those policies don't have
+    #   names.
+    #   @return [String]
+    #
+    # @!attribute [rw] source
+    #   This field indicates whether this is an account-level index policy
+    #   or an index policy that applies only to a single log group.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/IndexPolicy AWS API Documentation
+    #
+    class IndexPolicy < Struct.new(
+      :log_group_identifier,
+      :last_update_time,
+      :policy_document,
+      :policy_name,
+      :source)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Represents a log event, which is a record of activity that was
     # recorded by the application or resource being monitored.
     #
@@ -2934,6 +3568,68 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This structure contains information about the integration
+    # configuration. For an integration with OpenSearch Service, this
+    # includes information about OpenSearch Service resources such as the
+    # collection, the workspace, and policies.
+    #
+    # This structure is returned by a [GetIntegration][1] operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetIntegration.html
+    #
+    # @note IntegrationDetails is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of IntegrationDetails corresponding to the set member.
+    #
+    # @!attribute [rw] open_search_integration_details
+    #   This structure contains complete information about one integration
+    #   between CloudWatch Logs and OpenSearch Service.
+    #   @return [Types::OpenSearchIntegrationDetails]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/IntegrationDetails AWS API Documentation
+    #
+    class IntegrationDetails < Struct.new(
+      :open_search_integration_details,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class OpenSearchIntegrationDetails < IntegrationDetails; end
+      class Unknown < IntegrationDetails; end
+    end
+
+    # This structure contains information about one CloudWatch Logs
+    # integration. This structure is returned by a [ListIntegrations][1]
+    # operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_ListIntegrations.html
+    #
+    # @!attribute [rw] integration_name
+    #   The name of this integration.
+    #   @return [String]
+    #
+    # @!attribute [rw] integration_type
+    #   The type of integration. Integrations with OpenSearch Service have
+    #   the type `OPENSEARCH`.
+    #   @return [String]
+    #
+    # @!attribute [rw] integration_status
+    #   The current status of this integration.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/IntegrationSummary AWS API Documentation
+    #
+    class IntegrationSummary < Struct.new(
+      :integration_name,
+      :integration_type,
+      :integration_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The operation is not valid on the specified resource.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/InvalidOperationException AWS API Documentation
@@ -3022,6 +3718,44 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] integration_name_prefix
+    #   To limit the results to integrations that start with a certain name
+    #   prefix, specify that name prefix here.
+    #   @return [String]
+    #
+    # @!attribute [rw] integration_type
+    #   To limit the results to integrations of a certain type, specify that
+    #   type here.
+    #   @return [String]
+    #
+    # @!attribute [rw] integration_status
+    #   To limit the results to integrations with a certain status, specify
+    #   that status here.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListIntegrationsRequest AWS API Documentation
+    #
+    class ListIntegrationsRequest < Struct.new(
+      :integration_name_prefix,
+      :integration_type,
+      :integration_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] integration_summaries
+    #   An array, where each object in the array contains information about
+    #   one CloudWatch Logs integration in this account.
+    #   @return [Array<Types::IntegrationSummary>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListIntegrationsResponse AWS API Documentation
+    #
+    class ListIntegrationsResponse < Struct.new(
+      :integration_summaries)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] filter_log_group_arn
     #   Use this to optionally filter the results to only include anomaly
     #   detectors that are associated with the specified log group.
@@ -3066,6 +3800,53 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] query_id
+    #   The ID of the query to use. This query ID is from the response to
+    #   your [StartQuery][1] operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   Limits the number of returned log groups to the specified number.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListLogGroupsForQueryRequest AWS API Documentation
+    #
+    class ListLogGroupsForQueryRequest < Struct.new(
+      :query_id,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] log_group_identifiers
+    #   An array of the names and ARNs of the log groups that were processed
+    #   in the query.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. The token expires
+    #   after 24 hours.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListLogGroupsForQueryResponse AWS API Documentation
+    #
+    class ListLogGroupsForQueryResponse < Struct.new(
+      :log_group_identifiers,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] resource_arn
     #   The ARN of the resource that you want to view tags for.
     #
@@ -3127,6 +3908,62 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This processor takes a list of objects that contain key fields, and
+    # converts them into a map of target keys.
+    #
+    # For more information about this processor including examples, see [
+    # listToMap][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-listToMap
+    #
+    # @!attribute [rw] source
+    #   The key in the log event that has a list of objects that will be
+    #   converted to a map.
+    #   @return [String]
+    #
+    # @!attribute [rw] key
+    #   The key of the field to be extracted as keys in the generated map
+    #   @return [String]
+    #
+    # @!attribute [rw] value_key
+    #   If this is specified, the values that you specify in this parameter
+    #   will be extracted from the `source` objects and put into the values
+    #   of the generated map. Otherwise, original objects in the source list
+    #   will be put into the values of the generated map.
+    #   @return [String]
+    #
+    # @!attribute [rw] target
+    #   The key of the field that will hold the generated map
+    #   @return [String]
+    #
+    # @!attribute [rw] flatten
+    #   A Boolean value to indicate whether the list will be flattened into
+    #   single items. Specify `true` to flatten the list. The default is
+    #   `false`
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] flattened_element
+    #   If you set `flatten` to `true`, use `flattenedElement` to specify
+    #   which element, `first` or `last`, to keep.
+    #
+    #   You must specify this parameter if `flatten` is `true`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListToMap AWS API Documentation
+    #
+    class ListToMap < Struct.new(
+      :source,
+      :key,
+      :value_key,
+      :target,
+      :flatten,
+      :flattened_element)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # This object contains the information for one log event returned in a
     # Live Tail stream.
     #
@@ -3510,6 +4347,28 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This processor converts a string to lowercase.
+    #
+    # For more information about this processor including examples, see [
+    # lowerCaseString][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-lowerCaseString
+    #
+    # @!attribute [rw] with_keys
+    #   The array caontaining the keys of the fields to convert to
+    #   lowercase.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/LowerCaseString AWS API Documentation
+    #
+    class LowerCaseString < Struct.new(
+      :with_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The query string is not valid. Details about this error are displayed
     # in a `QueryCompileError` object. For more information, see
     # [QueryCompileError][1].
@@ -3562,6 +4421,20 @@ module Aws::CloudWatchLogs
     #   The name of the log group.
     #   @return [String]
     #
+    # @!attribute [rw] apply_on_transformed_logs
+    #   This parameter is valid only for log groups that have an active log
+    #   transformer. For more information about log transformers, see
+    #   [PutTransformer][1].
+    #
+    #   If this value is `true`, the metric filter is applied on the
+    #   transformed version of the log events instead of the original
+    #   ingested log events.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/MetricFilter AWS API Documentation
     #
     class MetricFilter < Struct.new(
@@ -3569,7 +4442,8 @@ module Aws::CloudWatchLogs
       :filter_pattern,
       :metric_transformations,
       :creation_time,
-      :log_group_name)
+      :log_group_name,
+      :apply_on_transformed_logs)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3668,52 +4542,796 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
-    # Multiple concurrent requests to update the same resource were in
-    # conflict.
+    # This object defines one key that will be moved with the [ moveKey][1]
+    # processor.
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OperationAbortedException AWS API Documentation
     #
-    class OperationAbortedException < Aws::EmptyStructure; end
-
-    # Represents a log event.
     #
-    # @!attribute [rw] timestamp
-    #   The time the event occurred, expressed as the number of milliseconds
-    #   after `Jan 1, 1970 00:00:00 UTC`.
-    #   @return [Integer]
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-moveKey
     #
-    # @!attribute [rw] message
-    #   The data contained in the log event.
+    # @!attribute [rw] source
+    #   The key to move.
     #   @return [String]
     #
-    # @!attribute [rw] ingestion_time
-    #   The time the event was ingested, expressed as the number of
-    #   milliseconds after `Jan 1, 1970 00:00:00 UTC`.
-    #   @return [Integer]
+    # @!attribute [rw] target
+    #   The key to move to.
+    #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OutputLogEvent AWS API Documentation
+    # @!attribute [rw] overwrite_if_exists
+    #   Specifies whether to overwrite the value if the destination key
+    #   already exists. If you omit this, the default is `false`.
+    #   @return [Boolean]
     #
-    class OutputLogEvent < Struct.new(
-      :timestamp,
-      :message,
-      :ingestion_time)
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/MoveKeyEntry AWS API Documentation
+    #
+    class MoveKeyEntry < Struct.new(
+      :source,
+      :target,
+      :overwrite_if_exists)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # A structure that contains information about one pattern token related
-    # to an anomaly.
+    # This processor moves a key from one field to another. The original key
+    # is deleted.
     #
-    # For more information about patterns and tokens, see
-    # [CreateLogAnomalyDetector][1].
+    # For more information about this processor including examples, see [
+    # moveKeys][1] in the *CloudWatch Logs User Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogAnomalyDetector.html
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-moveKeys
     #
-    # @!attribute [rw] dynamic_token_position
-    #   For a dynamic token, this indicates where in the pattern that this
-    #   token appears, related to other dynamic tokens. The dynamic token
+    # @!attribute [rw] entries
+    #   An array of objects, where each object contains the information
+    #   about one key to move.
+    #   @return [Array<Types::MoveKeyEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/MoveKeys AWS API Documentation
+    #
+    class MoveKeys < Struct.new(
+      :entries)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about the OpenSearch Service
+    # application used for this integration. An OpenSearch Service
+    # application is the web application created by the integration with
+    # CloudWatch Logs. It hosts the vended logs dashboards.
+    #
+    # @!attribute [rw] application_endpoint
+    #   The endpoint of the application.
+    #   @return [String]
+    #
+    # @!attribute [rw] application_arn
+    #   The Amazon Resource Name (ARN) of the application.
+    #   @return [String]
+    #
+    # @!attribute [rw] application_id
+    #   The ID of the application.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   This structure contains information about the status of this
+    #   OpenSearch Service resource.
+    #   @return [Types::OpenSearchResourceStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchApplication AWS API Documentation
+    #
+    class OpenSearchApplication < Struct.new(
+      :application_endpoint,
+      :application_arn,
+      :application_id,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about the OpenSearch Service
+    # collection used for this integration. An OpenSearch Service collection
+    # is a logical grouping of one or more indexes that represent an
+    # analytics workload. For more information, see [Creating and managing
+    # OpenSearch Service Serverless collections][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-collections.html
+    #
+    # @!attribute [rw] collection_endpoint
+    #   The endpoint of the collection.
+    #   @return [String]
+    #
+    # @!attribute [rw] collection_arn
+    #   The ARN of the collection.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   This structure contains information about the status of this
+    #   OpenSearch Service resource.
+    #   @return [Types::OpenSearchResourceStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchCollection AWS API Documentation
+    #
+    class OpenSearchCollection < Struct.new(
+      :collection_endpoint,
+      :collection_arn,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about the OpenSearch Service data
+    # access policy used for this integration. The access policy defines the
+    # access controls for the collection. This data access policy was
+    # automatically created as part of the integration setup. For more
+    # information about OpenSearch Service data access policies, see [Data
+    # access control for Amazon OpenSearch Serverless][1] in the OpenSearch
+    # Service Developer Guide.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html
+    #
+    # @!attribute [rw] policy_name
+    #   The name of the data access policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   This structure contains information about the status of this
+    #   OpenSearch Service resource.
+    #   @return [Types::OpenSearchResourceStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchDataAccessPolicy AWS API Documentation
+    #
+    class OpenSearchDataAccessPolicy < Struct.new(
+      :policy_name,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about the OpenSearch Service data
+    # source used for this integration. This data source was created as part
+    # of the integration setup. An OpenSearch Service data source defines
+    # the source and destination for OpenSearch Service queries. It includes
+    # the role required to execute queries and write to collections.
+    #
+    # For more information about OpenSearch Service data sources , see
+    # [Creating OpenSearch Service data source integrations with Amazon
+    # S3.][1]
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/direct-query-s3-creating.html
+    #
+    # @!attribute [rw] data_source_name
+    #   The name of the OpenSearch Service data source.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   This structure contains information about the status of this
+    #   OpenSearch Service resource.
+    #   @return [Types::OpenSearchResourceStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchDataSource AWS API Documentation
+    #
+    class OpenSearchDataSource < Struct.new(
+      :data_source_name,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about the OpenSearch Service
+    # encryption policy used for this integration. The encryption policy was
+    # created automatically when you created the integration. For more
+    # information, see [Encryption policies][1] in the OpenSearch Service
+    # Developer Guide.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-encryption.html#serverless-encryption-policies
+    #
+    # @!attribute [rw] policy_name
+    #   The name of the encryption policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   This structure contains information about the status of this
+    #   OpenSearch Service resource.
+    #   @return [Types::OpenSearchResourceStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchEncryptionPolicy AWS API Documentation
+    #
+    class OpenSearchEncryptionPolicy < Struct.new(
+      :policy_name,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains complete information about one CloudWatch Logs
+    # integration. This structure is returned by a [GetIntegration][1]
+    # operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetIntegration.html
+    #
+    # @!attribute [rw] data_source
+    #   This structure contains information about the OpenSearch Service
+    #   data source used for this integration. This data source was created
+    #   as part of the integration setup. An OpenSearch Service data source
+    #   defines the source and destination for OpenSearch Service queries.
+    #   It includes the role required to execute queries and write to
+    #   collections.
+    #
+    #   For more information about OpenSearch Service data sources , see
+    #   [Creating OpenSearch Service data source integrations with Amazon
+    #   S3.][1]
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/direct-query-s3-creating.html
+    #   @return [Types::OpenSearchDataSource]
+    #
+    # @!attribute [rw] application
+    #   This structure contains information about the OpenSearch Service
+    #   application used for this integration. An OpenSearch Service
+    #   application is the web application that was created by the
+    #   integration with CloudWatch Logs. It hosts the vended logs
+    #   dashboards.
+    #   @return [Types::OpenSearchApplication]
+    #
+    # @!attribute [rw] collection
+    #   This structure contains information about the OpenSearch Service
+    #   collection used for this integration. This collection was created as
+    #   part of the integration setup. An OpenSearch Service collection is a
+    #   logical grouping of one or more indexes that represent an analytics
+    #   workload. For more information, see [Creating and managing
+    #   OpenSearch Service Serverless collections][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-collections.html
+    #   @return [Types::OpenSearchCollection]
+    #
+    # @!attribute [rw] workspace
+    #   This structure contains information about the OpenSearch Service
+    #   workspace used for this integration. An OpenSearch Service workspace
+    #   is the collection of dashboards along with other OpenSearch Service
+    #   tools. This workspace was created automatically as part of the
+    #   integration setup. For more information, see [Centralized OpenSearch
+    #   user interface (Dashboards) with OpenSearch Service][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/application.html
+    #   @return [Types::OpenSearchWorkspace]
+    #
+    # @!attribute [rw] encryption_policy
+    #   This structure contains information about the OpenSearch Service
+    #   encryption policy used for this integration. The encryption policy
+    #   was created automatically when you created the integration. For more
+    #   information, see [Encryption policies][1] in the OpenSearch Service
+    #   Developer Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-encryption.html#serverless-encryption-policies
+    #   @return [Types::OpenSearchEncryptionPolicy]
+    #
+    # @!attribute [rw] network_policy
+    #   This structure contains information about the OpenSearch Service
+    #   network policy used for this integration. The network policy assigns
+    #   network access settings to collections. For more information, see
+    #   [Network policies][1] in the OpenSearch Service Developer Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-network.html#serverless-network-policies
+    #   @return [Types::OpenSearchNetworkPolicy]
+    #
+    # @!attribute [rw] access_policy
+    #   This structure contains information about the OpenSearch Service
+    #   data access policy used for this integration. The access policy
+    #   defines the access controls for the collection. This data access
+    #   policy was automatically created as part of the integration setup.
+    #   For more information about OpenSearch Service data access policies,
+    #   see [Data access control for Amazon OpenSearch Serverless][1] in the
+    #   OpenSearch Service Developer Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-data-access.html
+    #   @return [Types::OpenSearchDataAccessPolicy]
+    #
+    # @!attribute [rw] lifecycle_policy
+    #   This structure contains information about the OpenSearch Service
+    #   data lifecycle policy used for this integration. The lifecycle
+    #   policy determines the lifespan of the data in the collection. It was
+    #   automatically created as part of the integration setup.
+    #
+    #   For more information, see [Using data lifecycle policies with
+    #   OpenSearch Service Serverless][1] in the OpenSearch Service
+    #   Developer Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-lifecycle.html
+    #   @return [Types::OpenSearchLifecyclePolicy]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchIntegrationDetails AWS API Documentation
+    #
+    class OpenSearchIntegrationDetails < Struct.new(
+      :data_source,
+      :application,
+      :collection,
+      :workspace,
+      :encryption_policy,
+      :network_policy,
+      :access_policy,
+      :lifecycle_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about the OpenSearch Service data
+    # lifecycle policy used for this integration. The lifecycle policy
+    # determines the lifespan of the data in the collection. It was
+    # automatically created as part of the integration setup.
+    #
+    # For more information, see [Using data lifecycle policies with
+    # OpenSearch Service Serverless][1] in the OpenSearch Service Developer
+    # Guide.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-lifecycle.html
+    #
+    # @!attribute [rw] policy_name
+    #   The name of the lifecycle policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   This structure contains information about the status of this
+    #   OpenSearch Service resource.
+    #   @return [Types::OpenSearchResourceStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchLifecyclePolicy AWS API Documentation
+    #
+    class OpenSearchLifecyclePolicy < Struct.new(
+      :policy_name,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about the OpenSearch Service
+    # network policy used for this integration. The network policy assigns
+    # network access settings to collections. For more information, see
+    # [Network policies][1] in the OpenSearch Service Developer Guide.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/serverless-network.html#serverless-network-policies
+    #
+    # @!attribute [rw] policy_name
+    #   The name of the network policy.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   This structure contains information about the status of this
+    #   OpenSearch Service resource.
+    #   @return [Types::OpenSearchResourceStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchNetworkPolicy AWS API Documentation
+    #
+    class OpenSearchNetworkPolicy < Struct.new(
+      :policy_name,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains configuration details about an integration
+    # between CloudWatch Logs and OpenSearch Service.
+    #
+    # @!attribute [rw] kms_key_arn
+    #   To have the vended dashboard data encrypted with KMS instead of the
+    #   CloudWatch Logs default encryption method, specify the ARN of the
+    #   KMS key that you want to use.
+    #   @return [String]
+    #
+    # @!attribute [rw] data_source_role_arn
+    #   Specify the ARN of an IAM role that CloudWatch Logs will use to
+    #   create the integration. This role must have the permissions
+    #   necessary to access the OpenSearch Service collection to be able to
+    #   create the dashboards. For more information about the permissions
+    #   needed, see [Create an IAM role to access the OpenSearch Service
+    #   collection][1] in the CloudWatch Logs User Guide.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/OpenSearch-Dashboards-CreateRole
+    #   @return [String]
+    #
+    # @!attribute [rw] dashboard_viewer_principals
+    #   Specify the ARNs of IAM roles and IAM users who you want to grant
+    #   permission to for viewing the dashboards.
+    #
+    #   In addition to specifying these users here, you must also grant them
+    #   the **CloudWatchOpenSearchDashboardsAccess** IAM policy. For more
+    #   information, see
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] application_arn
+    #   If you want to use an existing OpenSearch Service application for
+    #   your integration with OpenSearch Service, specify it here. If you
+    #   omit this, a new application will be created.
+    #   @return [String]
+    #
+    # @!attribute [rw] retention_days
+    #   Specify how many days that you want the data derived by OpenSearch
+    #   Service to be retained in the index that the dashboard refers to.
+    #   This also sets the maximum time period that you can choose when
+    #   viewing data in the dashboard. Choosing a longer time frame will
+    #   incur additional costs.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchResourceConfig AWS API Documentation
+    #
+    class OpenSearchResourceConfig < Struct.new(
+      :kms_key_arn,
+      :data_source_role_arn,
+      :dashboard_viewer_principals,
+      :application_arn,
+      :retention_days)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about the status of an OpenSearch
+    # Service resource.
+    #
+    # @!attribute [rw] status
+    #   The current status of this resource.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_message
+    #   A message with additional information about the status of this
+    #   resource.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchResourceStatus AWS API Documentation
+    #
+    class OpenSearchResourceStatus < Struct.new(
+      :status,
+      :status_message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This structure contains information about the OpenSearch Service
+    # workspace used for this integration. An OpenSearch Service workspace
+    # is the collection of dashboards along with other OpenSearch Service
+    # tools. This workspace was created automatically as part of the
+    # integration setup. For more information, see [Centralized OpenSearch
+    # user interface (Dashboards) with OpenSearch Service][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/application.html
+    #
+    # @!attribute [rw] workspace_id
+    #   The ID of this workspace.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   This structure contains information about the status of an
+    #   OpenSearch Service resource.
+    #   @return [Types::OpenSearchResourceStatus]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OpenSearchWorkspace AWS API Documentation
+    #
+    class OpenSearchWorkspace < Struct.new(
+      :workspace_id,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Multiple concurrent requests to update the same resource were in
+    # conflict.
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OperationAbortedException AWS API Documentation
+    #
+    class OperationAbortedException < Aws::EmptyStructure; end
+
+    # Represents a log event.
+    #
+    # @!attribute [rw] timestamp
+    #   The time the event occurred, expressed as the number of milliseconds
+    #   after `Jan 1, 1970 00:00:00 UTC`.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] message
+    #   The data contained in the log event.
+    #   @return [String]
+    #
+    # @!attribute [rw] ingestion_time
+    #   The time the event was ingested, expressed as the number of
+    #   milliseconds after `Jan 1, 1970 00:00:00 UTC`.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/OutputLogEvent AWS API Documentation
+    #
+    class OutputLogEvent < Struct.new(
+      :timestamp,
+      :message,
+      :ingestion_time)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This processor parses CloudFront vended logs, extract fields, and
+    # convert them into JSON format. Encoded field values are decoded.
+    # Values that are integers and doubles are treated as such. For more
+    # information about this processor including examples, see [
+    # parseCloudfront][1]
+    #
+    # For more information about CloudFront log format, see [ Configure and
+    # use standard logs (access logs)][2].
+    #
+    # If you use this processor, it must be the first processor in your
+    # transformer.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseCloudfront
+    # [2]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html
+    #
+    # @!attribute [rw] source
+    #   Omit this parameter and the whole log message will be processed by
+    #   this processor. No other value than `@message` is allowed for
+    #   `source`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ParseCloudfront AWS API Documentation
+    #
+    class ParseCloudfront < Struct.new(
+      :source)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This processor parses log events that are in JSON format. It can
+    # extract JSON key-value pairs and place them under a destination that
+    # you specify.
+    #
+    # Additionally, because you must have at least one parse-type processor
+    # in a transformer, you can use `ParseJSON` as that processor for
+    # JSON-format logs, so that you can also apply other processors, such as
+    # mutate processors, to these logs.
+    #
+    # For more information about this processor including examples, see [
+    # parseJSON][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseJSON
+    #
+    # @!attribute [rw] source
+    #   Path to the field in the log event that will be parsed. Use dot
+    #   notation to access child fields. For example, `store.book`
+    #   @return [String]
+    #
+    # @!attribute [rw] destination
+    #   The location to put the parsed key value pair into. If you omit this
+    #   parameter, it is placed under the root node.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ParseJSON AWS API Documentation
+    #
+    class ParseJSON < Struct.new(
+      :source,
+      :destination)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This processor parses a specified field in the original log event into
+    # key-value pairs.
+    #
+    # For more information about this processor including examples, see [
+    # parseKeyValue][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseKeyValue
+    #
+    # @!attribute [rw] source
+    #   Path to the field in the log event that will be parsed. Use dot
+    #   notation to access child fields. For example, `store.book`
+    #   @return [String]
+    #
+    # @!attribute [rw] destination
+    #   The destination field to put the extracted key-value pairs into
+    #   @return [String]
+    #
+    # @!attribute [rw] field_delimiter
+    #   The field delimiter string that is used between key-value pairs in
+    #   the original log events. If you omit this, the ampersand `&`
+    #   character is used.
+    #   @return [String]
+    #
+    # @!attribute [rw] key_value_delimiter
+    #   The delimiter string to use between the key and value in each pair
+    #   in the transformed log event.
+    #
+    #   If you omit this, the equal `=` character is used.
+    #   @return [String]
+    #
+    # @!attribute [rw] key_prefix
+    #   If you want to add a prefix to all transformed keys, specify it
+    #   here.
+    #   @return [String]
+    #
+    # @!attribute [rw] non_match_value
+    #   A value to insert into the value field in the result, when a
+    #   key-value pair is not successfully split.
+    #   @return [String]
+    #
+    # @!attribute [rw] overwrite_if_exists
+    #   Specifies whether to overwrite the value if the destination key
+    #   already exists. If you omit this, the default is `false`.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ParseKeyValue AWS API Documentation
+    #
+    class ParseKeyValue < Struct.new(
+      :source,
+      :destination,
+      :field_delimiter,
+      :key_value_delimiter,
+      :key_prefix,
+      :non_match_value,
+      :overwrite_if_exists)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Use this processor to parse RDS for PostgreSQL vended logs, extract
+    # fields, and and convert them into a JSON format. This processor always
+    # processes the entire log event message. For more information about
+    # this processor including examples, see [ parsePostGres][1].
+    #
+    # For more information about RDS for PostgreSQL log format, see [ RDS
+    # for PostgreSQL database log filesTCP flag sequence][2].
+    #
+    # If you use this processor, it must be the first processor in your
+    # transformer.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parsePostGres
+    # [2]: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.Concepts.PostgreSQL.html#USER_LogAccess.Concepts.PostgreSQL.Log_Format.log-line-prefix
+    #
+    # @!attribute [rw] source
+    #   Omit this parameter and the whole log message will be processed by
+    #   this processor. No other value than `@message` is allowed for
+    #   `source`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ParsePostgres AWS API Documentation
+    #
+    class ParsePostgres < Struct.new(
+      :source)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Use this processor to parse Route 53 vended logs, extract fields, and
+    # and convert them into a JSON format. This processor always processes
+    # the entire log event message. For more information about this
+    # processor including examples, see [ parseRoute53][1].
+    #
+    # If you use this processor, it must be the first processor in your
+    # transformer.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseRoute53
+    #
+    # @!attribute [rw] source
+    #   Omit this parameter and the whole log message will be processed by
+    #   this processor. No other value than `@message` is allowed for
+    #   `source`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ParseRoute53 AWS API Documentation
+    #
+    class ParseRoute53 < Struct.new(
+      :source)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Use this processor to parse Amazon VPC vended logs, extract fields,
+    # and and convert them into a JSON format. This processor always
+    # processes the entire log event message.
+    #
+    # This processor doesn't support custom log formats, such as NAT
+    # gateway logs. For more information about custom log formats in Amazon
+    # VPC, see [ parseVPC][1] For more information about this processor
+    # including examples, see [ parseVPC][2].
+    #
+    # If you use this processor, it must be the first processor in your
+    # transformer.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs-records-examples.html#flow-log-example-tcp-flag
+    # [2]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseVPC
+    #
+    # @!attribute [rw] source
+    #   Omit this parameter and the whole log message will be processed by
+    #   this processor. No other value than `@message` is allowed for
+    #   `source`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ParseVPC AWS API Documentation
+    #
+    class ParseVPC < Struct.new(
+      :source)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Use this processor to parse WAF vended logs, extract fields, and and
+    # convert them into a JSON format. This processor always processes the
+    # entire log event message. For more information about this processor
+    # including examples, see [ parseWAF][1].
+    #
+    # For more information about WAF log format, see [ Log examples for web
+    # ACL traffic][2].
+    #
+    # If you use this processor, it must be the first processor in your
+    # transformer.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parsePostGres
+    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/logging-examples.html
+    #
+    # @!attribute [rw] source
+    #   Omit this parameter and the whole log message will be processed by
+    #   this processor. No other value than `@message` is allowed for
+    #   `source`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ParseWAF AWS API Documentation
+    #
+    class ParseWAF < Struct.new(
+      :source)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A structure that contains information about one pattern token related
+    # to an anomaly.
+    #
+    # For more information about patterns and tokens, see
+    # [CreateLogAnomalyDetector][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_CreateLogAnomalyDetector.html
+    #
+    # @!attribute [rw] dynamic_token_position
+    #   For a dynamic token, this indicates where in the pattern that this
+    #   token appears, related to other dynamic tokens. The dynamic token
     #   that appears first has a value of `1`, the one that appears second
     #   is `2`, and so on.
     #   @return [Integer]
@@ -3773,6 +5391,251 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This structure contains the information about one processor in a log
+    # transformer.
+    #
+    # @!attribute [rw] add_keys
+    #   Use this parameter to include the [ addKeys][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-addKeys
+    #   @return [Types::AddKeys]
+    #
+    # @!attribute [rw] copy_value
+    #   Use this parameter to include the [ copyValue][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-copyValue
+    #   @return [Types::CopyValue]
+    #
+    # @!attribute [rw] csv
+    #   Use this parameter to include the [ CSV][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-CSV
+    #   @return [Types::CSV]
+    #
+    # @!attribute [rw] date_time_converter
+    #   Use this parameter to include the [ datetimeConverter][1] processor
+    #   in your transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-datetimeConverter
+    #   @return [Types::DateTimeConverter]
+    #
+    # @!attribute [rw] delete_keys
+    #   Use this parameter to include the [ deleteKeys][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-deleteKeys
+    #   @return [Types::DeleteKeys]
+    #
+    # @!attribute [rw] grok
+    #   Use this parameter to include the [ grok][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-grok
+    #   @return [Types::Grok]
+    #
+    # @!attribute [rw] list_to_map
+    #   Use this parameter to include the [ listToMap][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-listToMap
+    #   @return [Types::ListToMap]
+    #
+    # @!attribute [rw] lower_case_string
+    #   Use this parameter to include the [ lowerCaseString][1] processor in
+    #   your transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-lowerCaseString
+    #   @return [Types::LowerCaseString]
+    #
+    # @!attribute [rw] move_keys
+    #   Use this parameter to include the [ moveKeys][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-moveKeys
+    #   @return [Types::MoveKeys]
+    #
+    # @!attribute [rw] parse_cloudfront
+    #   Use this parameter to include the [ parseCloudfront][1] processor in
+    #   your transformer.
+    #
+    #   If you use this processor, it must be the first processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseCloudfront
+    #   @return [Types::ParseCloudfront]
+    #
+    # @!attribute [rw] parse_json
+    #   Use this parameter to include the [ parseJSON][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseJSON
+    #   @return [Types::ParseJSON]
+    #
+    # @!attribute [rw] parse_key_value
+    #   Use this parameter to include the [ parseKeyValue][1] processor in
+    #   your transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseKeyValue
+    #   @return [Types::ParseKeyValue]
+    #
+    # @!attribute [rw] parse_route_53
+    #   Use this parameter to include the [ parseRoute53][1] processor in
+    #   your transformer.
+    #
+    #   If you use this processor, it must be the first processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseRoute53
+    #   @return [Types::ParseRoute53]
+    #
+    # @!attribute [rw] parse_postgres
+    #   Use this parameter to include the [ parsePostGres][1] processor in
+    #   your transformer.
+    #
+    #   If you use this processor, it must be the first processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parsePostGres
+    #   @return [Types::ParsePostgres]
+    #
+    # @!attribute [rw] parse_vpc
+    #   Use this parameter to include the [ parseVPC][1] processor in your
+    #   transformer.
+    #
+    #   If you use this processor, it must be the first processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseVPC
+    #   @return [Types::ParseVPC]
+    #
+    # @!attribute [rw] parse_waf
+    #   Use this parameter to include the [ parseWAF][1] processor in your
+    #   transformer.
+    #
+    #   If you use this processor, it must be the first processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-parseWAF
+    #   @return [Types::ParseWAF]
+    #
+    # @!attribute [rw] rename_keys
+    #   Use this parameter to include the [ renameKeys][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-renameKeys
+    #   @return [Types::RenameKeys]
+    #
+    # @!attribute [rw] split_string
+    #   Use this parameter to include the [ splitString][1] processor in
+    #   your transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-splitString
+    #   @return [Types::SplitString]
+    #
+    # @!attribute [rw] substitute_string
+    #   Use this parameter to include the [ substituteString][1] processor
+    #   in your transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-substituteString
+    #   @return [Types::SubstituteString]
+    #
+    # @!attribute [rw] trim_string
+    #   Use this parameter to include the [ trimString][1] processor in your
+    #   transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-trimString
+    #   @return [Types::TrimString]
+    #
+    # @!attribute [rw] type_converter
+    #   Use this parameter to include the [ typeConverter][1] processor in
+    #   your transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-typeConverter
+    #   @return [Types::TypeConverter]
+    #
+    # @!attribute [rw] upper_case_string
+    #   Use this parameter to include the [ upperCaseString][1] processor in
+    #   your transformer.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-upperCaseString
+    #   @return [Types::UpperCaseString]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/Processor AWS API Documentation
+    #
+    class Processor < Struct.new(
+      :add_keys,
+      :copy_value,
+      :csv,
+      :date_time_converter,
+      :delete_keys,
+      :grok,
+      :list_to_map,
+      :lower_case_string,
+      :move_keys,
+      :parse_cloudfront,
+      :parse_json,
+      :parse_key_value,
+      :parse_route_53,
+      :parse_postgres,
+      :parse_vpc,
+      :parse_waf,
+      :rename_keys,
+      :split_string,
+      :substitute_string,
+      :trim_string,
+      :type_converter,
+      :upper_case_string)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] policy_name
     #   A name for the policy. This must be unique within the account.
     #   @return [String]
@@ -3854,10 +5717,34 @@ module Aws::CloudWatchLogs
     #     This property is only applicable when the destination is an
     #     Kinesis Data Streams data stream.
     #
+    #   **Transformer policy**
+    #
+    #   A transformer policy must include one JSON block with the array of
+    #   processors and their configurations. For more information about
+    #   available processors, see [ Processors that you can use][3].
+    #
+    #   **Field index policy**
+    #
+    #   A field index filter policy can include the following attribute in a
+    #   JSON block:
+    #
+    #   * **Fields** The array of field indexes to create.
+    #
+    #   ^
+    #
+    #   It must contain at least one field index.
+    #
+    #   The following is an example of an index policy document that creates
+    #   two indexes, `RequestId` and `TransactionId`.
+    #
+    #   `"policyDocument": "{ "Fields": [ "RequestId", "TransactionId"
+    #   ] }"`
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html
     #   [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
+    #   [3]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
     #   @return [String]
     #
     # @!attribute [rw] policy_type
@@ -3872,18 +5759,25 @@ module Aws::CloudWatchLogs
     #   @return [String]
     #
     # @!attribute [rw] selection_criteria
-    #   Use this parameter to apply the subscription filter policy to a
-    #   subset of log groups in the account. Currently, the only supported
-    #   filter is `LogGroupName NOT IN []`. The `selectionCriteria` string
-    #   can be up to 25KB in length. The length is determined by using its
-    #   UTF-8 bytes.
+    #   Use this parameter to apply the new policy to a subset of log groups
+    #   in the account.
+    #
+    #   Specifing `selectionCriteria` is valid only when you specify
+    #   `SUBSCRIPTION_FILTER_POLICY`, `FIELD_INDEX_POLICY` or
+    #   `TRANSFORMER_POLICY`for `policyType`.
+    #
+    #   If `policyType` is `SUBSCRIPTION_FILTER_POLICY`, the only supported
+    #   `selectionCriteria` filter is `LogGroupName NOT IN []`
     #
-    #   Using the `selectionCriteria` parameter is useful to help prevent
-    #   infinite loops. For more information, see [Log recursion
-    #   prevention][1].
+    #   If `policyType` is `FIELD_INDEX_POLICY` or `TRANSFORMER_POLICY`, the
+    #   only supported `selectionCriteria` filter is `LogGroupNamePrefix`
     #
-    #   Specifing `selectionCriteria` is valid only when you specify `
-    #   SUBSCRIPTION_FILTER_POLICY` for `policyType`.
+    #   The `selectionCriteria` string can be up to 25KB in length. The
+    #   length is determined by using its UTF-8 bytes.
+    #
+    #   Using the `selectionCriteria` parameter with
+    #   `SUBSCRIPTION_FILTER_POLICY` is useful to help prevent infinite
+    #   loops. For more information, see [Log recursion prevention][1].
     #
     #
     #
@@ -4208,14 +6102,102 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
-    # @!attribute [rw] destination
-    #   The destination.
-    #   @return [Types::Destination]
+    # @!attribute [rw] destination
+    #   The destination.
+    #   @return [Types::Destination]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationResponse AWS API Documentation
+    #
+    class PutDestinationResponse < Struct.new(
+      :destination)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] log_group_identifier
+    #   Specify either the log group name or log group ARN to apply this
+    #   field index policy to. If you specify an ARN, use the format
+    #   arn:aws:logs:*region*:*account-id*:log-group:*log\_group\_name*
+    #   Don't include an * at the end.
+    #   @return [String]
+    #
+    # @!attribute [rw] policy_document
+    #   The index policy document, in JSON format. The following is an
+    #   example of an index policy document that creates two indexes,
+    #   `RequestId` and `TransactionId`.
+    #
+    #   `"policyDocument": "{ "Fields": [ "RequestId", "TransactionId" ] }"`
+    #
+    #   The policy document must include at least one field index. For more
+    #   information about the fields that can be included and other
+    #   restrictions, see [Field index syntax and quotas][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing-Syntax.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutIndexPolicyRequest AWS API Documentation
+    #
+    class PutIndexPolicyRequest < Struct.new(
+      :log_group_identifier,
+      :policy_document)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] index_policy
+    #   The index policy that you just created or updated.
+    #   @return [Types::IndexPolicy]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutIndexPolicyResponse AWS API Documentation
+    #
+    class PutIndexPolicyResponse < Struct.new(
+      :index_policy)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] integration_name
+    #   A name for the integration.
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_config
+    #   A structure that contains configuration information for the
+    #   integration that you are creating.
+    #   @return [Types::ResourceConfig]
+    #
+    # @!attribute [rw] integration_type
+    #   The type of integration. Currently, the only supported type is
+    #   `OPENSEARCH`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutIntegrationRequest AWS API Documentation
+    #
+    class PutIntegrationRequest < Struct.new(
+      :integration_name,
+      :resource_config,
+      :integration_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] integration_name
+    #   The name of the integration that you just created.
+    #   @return [String]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutDestinationResponse AWS API Documentation
+    # @!attribute [rw] integration_status
+    #   The status of the integration that you just created.
     #
-    class PutDestinationResponse < Struct.new(
-      :destination)
+    #   After you create an integration, it takes a few minutes to complete.
+    #   During this time, you'll see the status as `PROVISIONING`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutIntegrationResponse AWS API Documentation
+    #
+    class PutIntegrationResponse < Struct.new(
+      :integration_name,
+      :integration_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4243,7 +6225,7 @@ module Aws::CloudWatchLogs
     #   @return [String]
     #
     # @!attribute [rw] entity
-    #   Reserved for internal use.
+    #   The entity associated with the log events.
     #   @return [Types::Entity]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEventsRequest AWS API Documentation
@@ -4276,7 +6258,12 @@ module Aws::CloudWatchLogs
     #   @return [Types::RejectedLogEventsInfo]
     #
     # @!attribute [rw] rejected_entity_info
-    #   Reserved for internal use.
+    #   Information about why the entity is rejected when calling
+    #   `PutLogEvents`. Only returned when the entity is rejected.
+    #
+    #   <note markdown="1"> When the entity is rejected, the events may still be accepted.
+    #
+    #    </note>
     #   @return [Types::RejectedEntityInfo]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutLogEventsResponse AWS API Documentation
@@ -4307,17 +6294,44 @@ module Aws::CloudWatchLogs
     #   emitted.
     #   @return [Array<Types::MetricTransformation>]
     #
+    # @!attribute [rw] apply_on_transformed_logs
+    #   This parameter is valid only for log groups that have an active log
+    #   transformer. For more information about log transformers, see
+    #   [PutTransformer][1].
+    #
+    #   If the log group uses either a log-group level or account-level
+    #   transformer, and you specify `true`, the metric filter will be
+    #   applied on the transformed version of the log events instead of the
+    #   original ingested log events.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilterRequest AWS API Documentation
     #
     class PutMetricFilterRequest < Struct.new(
       :log_group_name,
       :filter_name,
       :filter_pattern,
-      :metric_transformations)
+      :metric_transformations,
+      :apply_on_transformed_logs)
       SENSITIVE = []
       include Aws::Structure
     end
 
+    # @!attribute [rw] query_language
+    #   Specify the query language to use for this query. The options are
+    #   Logs Insights QL, OpenSearch PPL, and OpenSearch SQL. For more
+    #   information about the query languages that CloudWatch Logs supports,
+    #   see [Supported query languages][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_Languages.html
+    #   @return [String]
+    #
     # @!attribute [rw] name
     #   A name for the query definition. If you are saving numerous query
     #   definitions, we recommend that you name them. This way, you can find
@@ -4347,9 +6361,12 @@ module Aws::CloudWatchLogs
     #
     # @!attribute [rw] log_group_names
     #   Use this parameter to include specific log groups as part of your
-    #   query definition.
+    #   query definition. If your query uses the OpenSearch Service query
+    #   language, you specify the log group names inside the `querystring`
+    #   instead of here.
     #
-    #   If you are updating a query definition and you omit this parameter,
+    #   If you are updating an existing query definition for the Logs
+    #   Insights QL or OpenSearch Service PPL and you omit this parameter,
     #   then the updated definition will contain no log groups.
     #   @return [Array<String>]
     #
@@ -4373,6 +6390,7 @@ module Aws::CloudWatchLogs
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutQueryDefinitionRequest AWS API Documentation
     #
     class PutQueryDefinitionRequest < Struct.new(
+      :query_language,
       :name,
       :query_definition_id,
       :log_group_names,
@@ -4538,6 +6556,21 @@ module Aws::CloudWatchLogs
     #   applicable when the destination is an Amazon Kinesis data stream.
     #   @return [String]
     #
+    # @!attribute [rw] apply_on_transformed_logs
+    #   This parameter is valid only for log groups that have an active log
+    #   transformer. For more information about log transformers, see
+    #   [PutTransformer][1].
+    #
+    #   If the log group uses either a log-group level or account-level
+    #   transformer, and you specify `true`, the subscription filter will be
+    #   applied on the transformed version of the log events instead of the
+    #   original ingested log events.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilterRequest AWS API Documentation
     #
     class PutSubscriptionFilterRequest < Struct.new(
@@ -4546,7 +6579,29 @@ module Aws::CloudWatchLogs
       :filter_pattern,
       :destination_arn,
       :role_arn,
-      :distribution)
+      :distribution,
+      :apply_on_transformed_logs)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] log_group_identifier
+    #   Specify either the name or ARN of the log group to create the
+    #   transformer for.
+    #   @return [String]
+    #
+    # @!attribute [rw] transformer_config
+    #   This structure contains the configuration of this log transformer. A
+    #   log transformer is an array of processors, where each processor
+    #   applies one type of transformation to the log events that are
+    #   ingested.
+    #   @return [Array<Types::Processor>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutTransformerRequest AWS API Documentation
+    #
+    class PutTransformerRequest < Struct.new(
+      :log_group_identifier,
+      :transformer_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4592,6 +6647,16 @@ module Aws::CloudWatchLogs
     # This structure contains details about a saved CloudWatch Logs Insights
     # query definition.
     #
+    # @!attribute [rw] query_language
+    #   The query language used for this query. For more information about
+    #   the query languages that CloudWatch Logs supports, see [Supported
+    #   query languages][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_Languages.html
+    #   @return [String]
+    #
     # @!attribute [rw] query_definition_id
     #   The unique ID of the query definition.
     #   @return [String]
@@ -4621,6 +6686,7 @@ module Aws::CloudWatchLogs
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/QueryDefinition AWS API Documentation
     #
     class QueryDefinition < Struct.new(
+      :query_language,
       :query_definition_id,
       :name,
       :query_string,
@@ -4633,6 +6699,16 @@ module Aws::CloudWatchLogs
     # Information about one CloudWatch Logs Insights query that matches the
     # request in a `DescribeQueries` operation.
     #
+    # @!attribute [rw] query_language
+    #   The query language used for this query. For more information about
+    #   the query languages that CloudWatch Logs supports, see [Supported
+    #   query languages][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_Languages.html
+    #   @return [String]
+    #
     # @!attribute [rw] query_id
     #   The unique ID number of this query.
     #   @return [String]
@@ -4657,6 +6733,7 @@ module Aws::CloudWatchLogs
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/QueryInfo AWS API Documentation
     #
     class QueryInfo < Struct.new(
+      :query_language,
       :query_id,
       :query_string,
       :status,
@@ -4670,6 +6747,17 @@ module Aws::CloudWatchLogs
     # log events that matched the query criteria, and the total number of
     # bytes in the log events that were scanned.
     #
+    # If the query involved log groups that have field index policies, the
+    # estimated number of skipped log events and the total bytes of those
+    # skipped log events are included. Using field indexes to skip log
+    # events in queries reduces scan volume and improves performance. For
+    # more information, see [Create field indexes to improve query
+    # performance and reduce scan volume][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
+    #
     # @!attribute [rw] records_matched
     #   The number of log events that matched the query string.
     #   @return [Float]
@@ -4678,17 +6766,48 @@ module Aws::CloudWatchLogs
     #   The total number of log events scanned during the query.
     #   @return [Float]
     #
+    # @!attribute [rw] estimated_records_skipped
+    #   An estimate of the number of log events that were skipped when
+    #   processing this query, because the query contained an indexed field.
+    #   Skipping these entries lowers query costs and improves the query
+    #   performance time. For more information about field indexes, see
+    #   [PutIndexPolicy][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
+    #   @return [Float]
+    #
     # @!attribute [rw] bytes_scanned
     #   The total number of bytes in the log events scanned during the
     #   query.
     #   @return [Float]
     #
+    # @!attribute [rw] estimated_bytes_skipped
+    #   An estimate of the number of bytes in the log events that were
+    #   skipped when processing this query, because the query contained an
+    #   indexed field. Skipping these entries lowers query costs and
+    #   improves the query performance time. For more information about
+    #   field indexes, see [PutIndexPolicy][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
+    #   @return [Float]
+    #
+    # @!attribute [rw] log_groups_scanned
+    #   The number of log groups that were scanned by this query.
+    #   @return [Float]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/QueryStatistics AWS API Documentation
     #
     class QueryStatistics < Struct.new(
       :records_matched,
       :records_scanned,
-      :bytes_scanned)
+      :estimated_records_skipped,
+      :bytes_scanned,
+      :estimated_bytes_skipped,
+      :log_groups_scanned)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4726,10 +6845,12 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
-    # Reserved for internal use.
+    # If an entity is rejected when a `PutLogEvents` request was made, this
+    # includes details about the reason for the rejection.
     #
     # @!attribute [rw] error_type
-    #   Reserved for internal use.
+    #   The type of error that caused the rejection of the entity when
+    #   calling `PutLogEvents`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/RejectedEntityInfo AWS API Documentation
@@ -4766,12 +6887,87 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This object defines one key that will be renamed with the [
+    # renameKey][1] processor.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-renameKey
+    #
+    # @!attribute [rw] key
+    #   The key to rename
+    #   @return [String]
+    #
+    # @!attribute [rw] rename_to
+    #   The string to use for the new key name
+    #   @return [String]
+    #
+    # @!attribute [rw] overwrite_if_exists
+    #   Specifies whether to overwrite the existing value if the destination
+    #   key already exists. The default is `false`
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/RenameKeyEntry AWS API Documentation
+    #
+    class RenameKeyEntry < Struct.new(
+      :key,
+      :rename_to,
+      :overwrite_if_exists)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Use this processor to rename keys in a log event.
+    #
+    # For more information about this processor including examples, see [
+    # renameKeys][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-renameKeys
+    #
+    # @!attribute [rw] entries
+    #   An array of `RenameKeyEntry` objects, where each object contains the
+    #   information about a single key to rename.
+    #   @return [Array<Types::RenameKeyEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/RenameKeys AWS API Documentation
+    #
+    class RenameKeys < Struct.new(
+      :entries)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The specified resource already exists.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ResourceAlreadyExistsException AWS API Documentation
     #
     class ResourceAlreadyExistsException < Aws::EmptyStructure; end
 
+    # This structure contains configuration details about an integration
+    # between CloudWatch Logs and another entity.
+    #
+    # @note ResourceConfig is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @!attribute [rw] open_search_resource_config
+    #   This structure contains configuration details about an integration
+    #   between CloudWatch Logs and OpenSearch Service.
+    #   @return [Types::OpenSearchResourceConfig]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ResourceConfig AWS API Documentation
+    #
+    class ResourceConfig < Struct.new(
+      :open_search_resource_config,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class OpenSearchResourceConfig < ResourceConfig; end
+      class Unknown < ResourceConfig; end
+    end
+
     # The specified resource does not exist.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ResourceNotFoundException AWS API Documentation
@@ -4917,6 +7113,53 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # Use this processor to split a field into an array of strings using a
+    # delimiting character.
+    #
+    # For more information about this processor including examples, see [
+    # splitString][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-splitString
+    #
+    # @!attribute [rw] entries
+    #   An array of `SplitStringEntry` objects, where each object contains
+    #   the information about one field to split.
+    #   @return [Array<Types::SplitStringEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/SplitString AWS API Documentation
+    #
+    class SplitString < Struct.new(
+      :entries)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This object defines one log field that will be split with the [
+    # splitString][1] processor.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-splitString
+    #
+    # @!attribute [rw] source
+    #   The key of the field to split.
+    #   @return [String]
+    #
+    # @!attribute [rw] delimiter
+    #   The separator characters to split the string entry on.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/SplitStringEntry AWS API Documentation
+    #
+    class SplitStringEntry < Struct.new(
+      :source,
+      :delimiter)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] log_group_identifiers
     #   An array where each item in the array is a log group to include in
     #   the Live Tail session.
@@ -4997,12 +7240,25 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] query_language
+    #   Specify the query language to use for this query. The options are
+    #   Logs Insights QL, OpenSearch PPL, and OpenSearch SQL. For more
+    #   information about the query languages that CloudWatch Logs supports,
+    #   see [Supported query languages][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_AnalyzeLogData_Languages.html
+    #   @return [String]
+    #
     # @!attribute [rw] log_group_name
     #   The log group on which to perform the query.
     #
     #   <note markdown="1"> A `StartQuery` operation must include exactly one of the following
     #   parameters: `logGroupName`, `logGroupNames`, or
-    #   `logGroupIdentifiers`.
+    #   `logGroupIdentifiers`. The exception is queries using the OpenSearch
+    #   Service SQL query language, where you specify the log group names
+    #   inside the `querystring` instead of here.
     #
     #    </note>
     #   @return [String]
@@ -5013,7 +7269,9 @@ module Aws::CloudWatchLogs
     #
     #   <note markdown="1"> A `StartQuery` operation must include exactly one of the following
     #   parameters: `logGroupName`, `logGroupNames`, or
-    #   `logGroupIdentifiers`.
+    #   `logGroupIdentifiers`. The exception is queries using the OpenSearch
+    #   Service SQL query language, where you specify the log group names
+    #   inside the `querystring` instead of here.
     #
     #    </note>
     #   @return [Array<String>]
@@ -5027,11 +7285,15 @@ module Aws::CloudWatchLogs
     #   monitoring account, you must specify the ARN of the log group here.
     #   The query definition must also be defined in the monitoring account.
     #
-    #   If you specify an ARN, the ARN can't end with an asterisk (*).
+    #   If you specify an ARN, use the format
+    #   arn:aws:logs:*region*:*account-id*:log-group:*log\_group\_name*
+    #   Don't include an * at the end.
     #
     #   A `StartQuery` operation must include exactly one of the following
     #   parameters: `logGroupName`, `logGroupNames`, or
-    #   `logGroupIdentifiers`.
+    #   `logGroupIdentifiers`. The exception is queries using the OpenSearch
+    #   Service SQL query language, where you specify the log group names
+    #   inside the `querystring` instead of here.
     #   @return [Array<String>]
     #
     # @!attribute [rw] start_time
@@ -5065,6 +7327,7 @@ module Aws::CloudWatchLogs
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/StartQueryRequest AWS API Documentation
     #
     class StartQueryRequest < Struct.new(
+      :query_language,
       :log_group_name,
       :log_group_names,
       :log_group_identifiers,
@@ -5142,6 +7405,20 @@ module Aws::CloudWatchLogs
     #   be either random or grouped by log stream.
     #   @return [String]
     #
+    # @!attribute [rw] apply_on_transformed_logs
+    #   This parameter is valid only for log groups that have an active log
+    #   transformer. For more information about log transformers, see
+    #   [PutTransformer][1].
+    #
+    #   If this value is `true`, the subscription filter is applied on the
+    #   transformed version of the log events instead of the original
+    #   ingested log events.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
+    #   @return [Boolean]
+    #
     # @!attribute [rw] creation_time
     #   The creation time of the subscription filter, expressed as the
     #   number of milliseconds after `Jan 1, 1970 00:00:00 UTC`.
@@ -5156,11 +7433,71 @@ module Aws::CloudWatchLogs
       :destination_arn,
       :role_arn,
       :distribution,
+      :apply_on_transformed_logs,
       :creation_time)
       SENSITIVE = []
       include Aws::Structure
     end
 
+    # This processor matches a key’s value against a regular expression and
+    # replaces all matches with a replacement string.
+    #
+    # For more information about this processor including examples, see [
+    # substituteString][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-substituteString
+    #
+    # @!attribute [rw] entries
+    #   An array of objects, where each object contains the information
+    #   about one key to match and replace.
+    #   @return [Array<Types::SubstituteStringEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/SubstituteString AWS API Documentation
+    #
+    class SubstituteString < Struct.new(
+      :entries)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This object defines one log field key that will be replaced using the
+    # [ substituteString][1] processor.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-substituteString
+    #
+    # @!attribute [rw] source
+    #   The key to modify
+    #   @return [String]
+    #
+    # @!attribute [rw] from
+    #   The regular expression string to be replaced. Special regex
+    #   characters such as \[ and \] must be escaped using \\\\ when using
+    #   double quotes and with \\ when using single quotes. For more
+    #   information, see [ Class Pattern][1] on the Oracle web site.
+    #
+    #
+    #
+    #   [1]: https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/regex/Pattern.html
+    #   @return [String]
+    #
+    # @!attribute [rw] to
+    #   The string to be substituted for each match of `from`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/SubstituteStringEntry AWS API Documentation
+    #
+    class SubstituteStringEntry < Struct.new(
+      :source,
+      :from,
+      :to)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # If you are suppressing an anomaly temporariliy, this structure defines
     # how long the suppression period is to be.
     #
@@ -5262,6 +7599,41 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # @!attribute [rw] transformer_config
+    #   This structure contains the configuration of this log transformer
+    #   that you want to test. A log transformer is an array of processors,
+    #   where each processor applies one type of transformation to the log
+    #   events that are ingested.
+    #   @return [Array<Types::Processor>]
+    #
+    # @!attribute [rw] log_event_messages
+    #   An array of the raw log events that you want to use to test this
+    #   transformer.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestTransformerRequest AWS API Documentation
+    #
+    class TestTransformerRequest < Struct.new(
+      :transformer_config,
+      :log_event_messages)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] transformed_logs
+    #   An array where each member of the array includes both the original
+    #   version and the transformed version of one of the log events that
+    #   you input.
+    #   @return [Array<Types::TransformedLogRecord>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestTransformerResponse AWS API Documentation
+    #
+    class TestTransformerResponse < Struct.new(
+      :transformed_logs)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request was throttled because of quota limits.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ThrottlingException AWS API Documentation
@@ -5286,6 +7658,103 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This structure contains information for one log event that has been
+    # processed by a log transformer.
+    #
+    # @!attribute [rw] event_number
+    #   The event number.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] event_message
+    #   The original log event message before it was transformed.
+    #   @return [String]
+    #
+    # @!attribute [rw] transformed_event_message
+    #   The log event message after being transformed.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TransformedLogRecord AWS API Documentation
+    #
+    class TransformedLogRecord < Struct.new(
+      :event_number,
+      :event_message,
+      :transformed_event_message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Use this processor to remove leading and trailing whitespace.
+    #
+    # For more information about this processor including examples, see [
+    # trimString][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-trimString
+    #
+    # @!attribute [rw] with_keys
+    #   The array containing the keys of the fields to trim.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TrimString AWS API Documentation
+    #
+    class TrimString < Struct.new(
+      :with_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Use this processor to convert a value type associated with the
+    # specified key to the specified type. It's a casting processor that
+    # changes the types of the specified fields. Values can be converted
+    # into one of the following datatypes: `integer`, `double`, `string` and
+    # `boolean`.
+    #
+    # For more information about this processor including examples, see [
+    # trimString][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-trimString
+    #
+    # @!attribute [rw] entries
+    #   An array of `TypeConverterEntry` objects, where each object contains
+    #   the information about one field to change the type of.
+    #   @return [Array<Types::TypeConverterEntry>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TypeConverter AWS API Documentation
+    #
+    class TypeConverter < Struct.new(
+      :entries)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This object defines one value type that will be converted using the [
+    # typeConverter][1] processor.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-typeConverter
+    #
+    # @!attribute [rw] key
+    #   The key with the value that is to be converted to a different type.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type to convert the field value to. Valid values are `integer`,
+    #   `double`, `string` and `boolean`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TypeConverterEntry AWS API Documentation
+    #
+    class TypeConverterEntry < Struct.new(
+      :key,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The most likely cause is an Amazon Web Services access key ID or
     # secret key that's not valid.
     #
@@ -5479,6 +7948,28 @@ module Aws::CloudWatchLogs
       include Aws::Structure
     end
 
+    # This processor converts a string field to uppercase.
+    #
+    # For more information about this processor including examples, see [
+    # upperCaseString][1] in the *CloudWatch Logs User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-upperCaseString
+    #
+    # @!attribute [rw] with_keys
+    #   The array of containing the keys of the field to convert to
+    #   uppercase.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/UpperCaseString AWS API Documentation
+    #
+    class UpperCaseString < Struct.new(
+      :with_keys)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # One of the parameters for the request is not valid.
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ValidationException AWS API Documentation