Class: SumoLogForwarder

Inherits:
Object
Defined in:
lib/tpt_serverless/sumo_log_forwarder.rb

Class Method Summary

Class Method Details

.handler(event:, context:) ⇒ Object

This handler receives CloudWatch log events, parses the events and forwards the extracted logs to Sumo Logic.

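It also performs some cleanup and preparation along the way, such as skipping control messages and converting the carriage returns in Lambda logs back to newlines.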


# File 'lib/tpt_serverless/sumo_log_forwarder.rb', line 31

# Standard-library requires used by this method
require 'base64'
require 'json'
require 'uri'
require 'zlib'

def handler(event:, context:)
  sumo_endpoint = ENV['SUMO_ENDPOINT']

  # Nothing to forward to if the collector URL is not configured
  if sumo_endpoint.nil? || sumo_endpoint.strip.empty?
    puts 'ERROR: SUMO_ENDPOINT is not set. Skipping log forwarding.'
    return
  end

  sumo_url = URI.parse(sumo_endpoint)

  # The CloudWatch payload is base64-encoded, gzip-compressed JSON
  raw_data = event.fetch('awslogs').fetch('data')
  unzipped_data = Zlib.gunzip(Base64.decode64(raw_data))
  data = JSON.parse(unzipped_data)

  message_type = data.fetch('messageType')
  log_group = data.fetch('logGroup')
  log_stream = data.fetch('logStream')
  log_events = data.fetch('logEvents')

  # Control messages carry no application logs
  if message_type == 'CONTROL_MESSAGE'
    puts 'skipping control message'
    return
  end

  puts "message_count=#{log_events.length}"

  messages_data = extract_messages(log_events).map do |message|
    # AWS replaces newlines with carriage returns in Lambda logs
    message.gsub(/\r(?!\n)/, "\n")
  end.join('')

  send_to_sumo(sumo_url, log_group, log_stream, messages_data)
end
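
The envelope the handler unpacks, as an added example that is not part of tpt_serverless: it builds a constructed `awslogs` event and decodes it, skipping control messages and normalising carriage returns the same way. The names `build_sample_event` and `decode_awslogs` and all sample values are hypothetical; it assumes each log event carries a `message` field and uses `Base64.strict_decode64`, which raises on malformed input where `decode64` silently ignores invalid characters.

```ruby
require 'base64'
require 'json'
require 'zlib'

# Build a constructed event in the shape CloudWatch Logs delivers to a
# subscribed Lambda: JSON, gzip-compressed, then base64-encoded.
def build_sample_event(message_type, messages)
  payload = {
    'messageType' => message_type,
    'owner' => '123456789012',                    # constructed account id
    'logGroup' => '/aws/lambda/sample-fn',        # constructed
    'logStream' => '2024/01/01/[$LATEST]abcdef',  # constructed
    'subscriptionFilters' => ['sample-filter'],   # constructed
    'logEvents' => messages.each_with_index.map { |m, i|
      { 'id' => i.to_s, 'timestamp' => 1_700_000_000_000 + i, 'message' => m }
    }
  }
  { 'awslogs' => { 'data' => Base64.strict_encode64(Zlib.gzip(JSON.generate(payload))) } }
end

# Decode the envelope. Returns nil for control messages, otherwise the
# log group, log stream and the normalised message strings.
def decode_awslogs(event)
  raw = event.fetch('awslogs').fetch('data')
  # strict_decode64 raises ArgumentError on input that is not valid base64
  data = JSON.parse(Zlib.gunzip(Base64.strict_decode64(raw)))
  return nil if data.fetch('messageType') == 'CONTROL_MESSAGE'

  {
    log_group: data.fetch('logGroup'),
    log_stream: data.fetch('logStream'),
    # A lone \r becomes \n; an existing \r\n pair is left untouched
    messages: data.fetch('logEvents').map { |e| e.fetch('message').gsub(/\r(?!\n)/, "\n") }
  }
end
```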