Class: SumoLogForwarder

Inherits:

Object

Object
SumoLogForwarder

show all

Defined in:: lib/tpt_serverless/sumo_log_forwarder.rb

Class Method Summary collapse

.handler(event:, context:) ⇒ Object

This handler receives CloudWatch log events, parses the events and forwards the extracted logs to Sumo Logic.

Class Method Details

.handler(event:, context:) ⇒ `Object`

This handler receives CloudWatch log events, parses the events and forwards the extracted logs to Sumo Logic.

It performs a few helpful cleanup/prep functions as well.

# File 'lib/tpt_serverless/sumo_log_forwarder.rb', line 31

def handler(event: , context:)
  sumo_endpoint = ENV['SUMO_ENDPOINT']

  if sumo_endpoint.nil? || sumo_endpoint.strip.empty?
    puts 'ERROR: SUMO_ENDPOINT is not set. Skipping log forwarding.'
    return
  end

  sumo_url = URI.parse(sumo_endpoint)
  raw_data = event.fetch('awslogs').fetch('data')
  unzipped_data = Zlib.gunzip(Base64.decode64(raw_data))
  data = JSON.parse(unzipped_data)

  message_type = data.fetch('messageType')
  log_group = data.fetch('logGroup')
  log_stream = data.fetch('logStream')
  log_events = data.fetch('logEvents')

  if message_type === 'CONTROL_MESSAGE'
    puts 'skipping control message'
    return
  end

  puts "message_count=#{log_events.length}"

  messages_data = extract_messages(log_events).map do |message|
    # AWS replaces newlines with carriage returns in Lambda logs
    message.gsub(/\r(?!\n)/, "\n")
  end.join('')

  send_to_sumo(sumo_url, log_group, log_stream, messages_data)
end

Class: SumoLogForwarder

Class Method Summary collapse

Class Method Details

.handler(event:, context:) ⇒ Object

.handler(event:, context:) ⇒ `Object`