def lambda_handler(event, context):
"""
Auto-subscribe to log group from event.
:param event: Event data from CloudWatch Logs.
:type event: dict
:param context: Lambda object context.
:type context: obj
:return: None
:rtype: NoneType
"""
# Grab the log group name from incoming event.
log_group_name = event["detail"]["requestParameters"]["logGroupName"]
# Check whether the prefix is set - the prefix is used to determine which logs we want.
if not humio_subscription_prefix:
helpers.create_subscription(log_client, log_group_name,
humio_log_ingester_arn, context)
else:
# Check whether the log group's name starts with the set prefix.
if log_group_name.startswith(humio_subscription_prefix):
helpers.create_subscription(log_client, log_group_name,
humio_log_ingester_arn, context)
def lambda_handler(event, context):
# grab all log groups with a token if we have it
if 'nextToken' in event.keys():
nextToken = event['nextToken']
if humio_subscription_prefix:
log_groups = log_client.describe_log_groups(
logGroupNamePrefix=humio_subscription_prefix,
nextToken=nextToken)
else:
log_groups = log_client.describe_log_groups(nextToken=nextToken)
else:
if humio_subscription_prefix:
log_groups = log_client.describe_log_groups(
logGroupNamePrefix=humio_subscription_prefix, )
else:
log_groups = log_client.describe_log_groups()
# if we have a token, recursively fire another instance of backfiller with it
if 'nextToken' in log_groups.keys():
lambda_cli = boto3.client("lambda")
event['nextToken'] = log_groups['nextToken']
lambda_cli.invoke_async(FunctionName=context.function_name,
InvokeArgs=json.dumps(event))
# loop through log groups
for logGroup in log_groups['logGroups']:
# grab all subscriptions for the specified log group
all_subscription_filters = log_client.describe_subscription_filters(
logGroupName=logGroup['logGroupName'])
# first we check to see if there are any filters at all
if all_subscription_filters['subscriptionFilters']:
# if our function is not subscribed delete subscription and create ours
if all_subscription_filters['subscriptionFilters'][0][
'destinationArn'] != humio_log_ingester_arn:
helpers.delete_subscription(
log_client, logGroup['logGroupName'],
all_subscription_filters['subscriptionFilters'][0]
['filterName'])
helpers.create_subscription(log_client,
logGroup['logGroupName'],
humio_log_ingester_arn, context)
# we are subbed
else:
print("We are subscribed to %s" % logGroup['logGroupName'])
# there are no filters, lets subscribe!
else:
helpers.create_subscription(log_client, logGroup['logGroupName'],
humio_log_ingester_arn, context)
# keep hitting rate limits? TODO: find actual limits and back off using those
sleep(0.8)
def lambda_handler(event, context):
# setup log client
log_client = boto3.client('logs')
# grab log group name from incoming event
log_group_name = event['detail']['requestParameters']['logGroupName']
# env vars
humio_log_ingester_arn = os.environ['humio_log_ingester_arn']
humio_subscription_prefix = os.environ['humio_subscription_prefix']
# check if the prefix is empty
if not humio_subscription_prefix:
helpers.create_subscription(log_client, log_group_name,
humio_log_ingester_arn, context)
else:
# check if log group name starts with our prefix
if log_group_name.startswith(humio_subscription_prefix):
helpers.create_subscription(log_client, log_group_name,
humio_log_ingester_arn, context)
def lambda_handler(event, context):
"""
Back-filler function that lists all log groups and subscribes to them.
:param event: Event data from CloudWatch Logs.
:type event: dict
:param context: Lambda context object.
:type context: obj
:return: None
"""
# Grab all log groups with a token and/or prefix if we have them.
if "nextToken" in event.keys():
next_token = event["nextToken"]
if humio_subscription_prefix:
log_groups = log_client.describe_log_groups(
logGroupNamePrefix=humio_subscription_prefix,
nextToken=next_token
)
else:
log_groups = log_client.describe_log_groups(
nextToken=next_token
)
else:
if humio_subscription_prefix:
log_groups = log_client.describe_log_groups(
logGroupNamePrefix=humio_subscription_prefix,
)
else:
log_groups = log_client.describe_log_groups()
# If we have a next token, recursively fire another instance of backfiller with it.
if "nextToken" in log_groups.keys():
lambda_client = boto3.client("lambda")
event["nextToken"] = log_groups["nextToken"]
lambda_client.invoke(
FunctionName=context.function_name,
InvocationType="Event",
Payload=json.dumps(event)
)
# Loop through log groups.
for log_group in log_groups["logGroups"]:
# Grab all subscriptions for the specified log group.
all_subscription_filters = log_client.describe_subscription_filters(
logGroupName=log_group["logGroupName"]
)
# First we check to see if there are any filters at all.
if all_subscription_filters["subscriptionFilters"]:
# If our function is not subscribed, delete subscription and create ours.
if all_subscription_filters["subscriptionFilters"][0]["destinationArn"] != humio_log_ingester_arn:
helpers.delete_subscription(
log_client,
log_group["logGroupName"],
all_subscription_filters["subscriptionFilters"][0]["filterName"]
)
helpers.create_subscription(
log_client,
log_group["logGroupName"],
humio_log_ingester_arn,
context
)
# We are now subscribed.
else:
print("We are already subscribed to %s" % log_group["logGroupName"])
# When there are no subscription filters, let us subscribe!
else:
helpers.create_subscription(
log_client,
log_group["logGroupName"],
humio_log_ingester_arn, context
)