Cistern is an event aggregation and indexing system. Cistern consumes VPC Flow Logs and JSON events
from AWS CloudWatch Logs and exposes a SQL-like querying interface.
Supported sources

CloudWatch Logs
  VPC Flow Logs
  JSON CloudWatch Logs events

Coming soon:
  sFlow v5

Documentation
The official documentation is available on the Cistern website.