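def lambda_handler(event, context):
    """
    Extract log data from CloudWatch Logs events and pass the data onto the
    Humio ingester.

    The decoded batch is flattened into one Humio event per CloudWatch log
    event. Each event carries the batch-level attributes (owner, log group,
    log stream, ...) plus whatever ``helpers.parse_message`` extracts from
    the message text.

    :param event: Event data from CloudWatch Logs.
    :type event: dict
    :param context: Lambda context object.
    :type context: obj
    :return: None
    :raises KeyError: if the decoded batch has no ``logEvents`` list, or an
        entry lacks ``message`` / ``timestamp``.
    """
    # Persist variables across lambda invocations.
    if not _is_setup:
        helpers.setup()

    # Decode and unzip the log data.
    decoded_event = helpers.decode_event(event)

    # Debug output.
    # NOTE(review): this writes the complete decoded batch, message bodies
    # included, into this function's own log stream. Confirm debug level is
    # off in production if forwarded logs can contain secrets or personal
    # data.
    logger.debug("Event from CloudWatch Logs: %s" % (json.dumps(decoded_event)))

    # Extract the general attributes from the event batch.
    batch_keys = (
        "owner",
        "logGroup",
        "logStream",
        "messageType",
        "subscriptionFilters",
    )
    batch_attrs = {key: decoded_event.get(key, "undefined") for key in batch_keys}

    # Parse out the service name.
    # The original looked up the empty key "" here, so the pattern was always
    # matched against "" and the service attributes were never added. The log
    # group name is the field the pattern is written for.
    log_group_parser = re.compile(r"^/aws/(lambda|apigateway)/(.*)")
    parsed_log_group = log_group_parser.match(decoded_event.get("logGroup") or "")
    if parsed_log_group:
        batch_attrs.update({
            "awsServiceName": parsed_log_group.group(1),
            "parsedLogGroupName": parsed_log_group.group(2),
        })

    # Flatten the events from CloudWatch Logs.
    humio_events = []
    for log_event in decoded_event["logEvents"]:
        message = log_event["message"]

        # Create the attributes.
        # NOTE(review): fields parsed from the message are applied after the
        # batch attributes, so a message that parses to a key such as
        # "logGroup" or "owner" would replace the batch metadata on that
        # event. Verify helpers.parse_message cannot emit those keys, or
        # apply the batch attributes last.
        attributes = dict(batch_attrs)
        attributes.update(helpers.parse_message(message))

        # Append the flattened event.
        humio_events.append({
            "timestamp": log_event["timestamp"],
            "rawstring": message,
            "kvparse": True,
            "attributes": attributes,
        })

    # Make request to Humio.
    # NOTE(review): the response status is never inspected here, so unless
    # helpers.ingest_events raises on failure, a rejected batch is dropped
    # without an error and the invocation still succeeds. Confirm.
    request = helpers.ingest_events(humio_events, 'cloudwatch_logs')
    response = request.text

    # Debug output.
    logger.debug("Got response %s from Humio." % response)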
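def lambda_handler(event, context):
    """
    Ingest CloudWatch Logs to Humio repository.

    The decoded batch is flattened into one Humio event per CloudWatch log
    event, wrapped in a single tagged batch, and POSTed to the repository's
    ingest endpoint with the ingest token as a bearer credential.

    :param event: Event data from CloudWatch Logs.
    :type event: dict
    :param context: Lambda object context.
    :type context: obj
    :return: None
    :rtype: NoneType
    :raises KeyError: if the decoded batch has no ``logEvents`` list, or an
        entry lacks ``message`` / ``timestamp``.
    """
    if not _is_setup:
        setup()

    # TODO: Use Python Client.
    # NOTE(review): the scheme comes from configuration. If humio_protocol
    # can be "http", the bearer token below and the log data are sent
    # unencrypted. Confirm deployment pins it to https.
    humio_url = "%s://%s/api/v1/dataspaces/%s/ingest" % (
        humio_protocol,
        humio_host,
        humio_repository,
    )
    humio_headers = {
        "Content-Type": "application/json",
        "Authorization": "Bearer %s" % humio_ingest_token,
    }

    # Decode and unzip the log data.
    decoded_event = helpers.decode_event(event)

    # Debug output.
    # NOTE(review): print() is unconditional, so every invocation copies the
    # full decoded batch into this function's own log stream. Forwarded
    # secrets or personal data are duplicated there. If that log group is
    # itself subscribed to this function, the output would be re-ingested.
    # Verify.
    print("Event from CloudWatch Logs: %s" % (json.dumps(decoded_event)))

    # Extract the general attributes from the event batch.
    batch_keys = (
        "owner",
        "logGroup",
        "logStream",
        "messageType",
        "subscriptionFilters",
    )
    batch_attrs = {key: decoded_event.get(key, "undefined") for key in batch_keys}

    # Parse out the service name.
    # The original looked up the empty key "" here, so the pattern was always
    # matched against "" and the service attributes were never added. The log
    # group name is the field the pattern is written for.
    log_group_parser = re.compile(r"^/aws/(lambda|apigateway)/(.*)")
    parsed_log_group = log_group_parser.match(decoded_event.get("logGroup") or "")
    if parsed_log_group:
        batch_attrs.update({
            "awsServiceName": parsed_log_group.group(1),
            "parsedLogGroupName": parsed_log_group.group(2),
        })

    # Flatten the events from CloudWatch Logs.
    humio_events = []
    for log_event in decoded_event["logEvents"]:
        message = log_event["message"]

        # Create the attributes.
        # NOTE(review): fields parsed from the message are applied after the
        # batch attributes, so a message that parses to a key such as
        # "logGroup" or "owner" would replace the batch metadata on that
        # event. Verify helpers.parse_message cannot emit those keys, or
        # apply the batch attributes last.
        attributes = dict(batch_attrs)
        attributes.update(helpers.parse_message(message))

        # Append the flattened event.
        humio_events.append({
            "timestamp": log_event["timestamp"],
            "rawstring": message,
            "kvparse": True,
            "attributes": attributes,
        })

    # Make a batch for the Humio Ingest API.
    wrapped_data = [{"tags": {"host": "lambda"}, "events": humio_events}]

    # Make request.
    # NOTE(review): the response status is never inspected, so a rejected
    # batch (bad token, server error) is only visible in the printed body and
    # the invocation still succeeds. The events are then lost without a
    # retry. Also confirm http_session applies a request timeout.
    request = http_session.post(
        humio_url,
        data=json.dumps(wrapped_data),
        headers=humio_headers,
    )
    response = request.text

    # Debug output.
    print("Got response %s from Humio." % response)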