Add Readme file for cloudwatchlogs folder, also add a special version for AWS Lambda logs

duchatran · duchatran · commit fbe256ed9af6 · 2016-01-18T17:12:50.000-08:00
diff --git a/cloudwatchlogs/README.md b/cloudwatchlogs/README.md
@@ -0,0 +1,19 @@
+SumoLogic Functions for AWS CloudWatch Logs 
+===========================================
+
+Files 
+-----
+*	*cloudwatchlogs.js*:  node.js file to collect data from AWS CWL. Can also be used to collect AWS VPC Flowlogs sent via CWL.
+*	*cloudwatchlogs_lambda.js*:  node.js file to collect AWS Lambda logs via CWL. This version extracts and add a "RequestId" field to each log line to make correlations easier.
+
+Usage
+-----
+1. First create an HTTP source endpoint on the Sumo side. You will need this endpoint for the lambda function later.
+2. Goto AWS CloudWatch Logs console, check the Log Group you want to send data to Sumologic. From Actions button, select "Start Streaming to Lambda Service", then "Create a Lambda function"
+3. Skip the blueprint
+4. Copy the relevant lambda function to the console. **REMEMBER** to replace the value of *hostname* in the function with the relevant value for your SumoLogic account, and of the *path* with HTTP endpoint created in the first step above. 
+5. Scroll down to the *Lambda function handle and role* section, make sure you set the right values that match the function. For role, you can just use the basic execution role. Click next.
+6. Finally click on "Create function" to create the function. 
+7. (Optional) Test this new function with sample AWS CloudWatch Logs template provided by AWS  
+
+
diff --git a/cloudwatchlogs/cloudwatchlogs_lambda.js b/cloudwatchlogs/cloudwatchlogs_lambda.js
@@ -0,0 +1,56 @@
+
+var https = require('https');
+var zlib = require('zlib');
+
+exports.handler = function(event, context) {
+		///////////////////////////////////////////////////////////////////////////////////////////////////////////
+		// Remember to change the hostname and path to match your collection API and specific HTTP-source endpoint
+		// See more at: https://service.sumologic.com/help/Default.htm#Collector_Management_API.htm
+		///////////////////////////////////////////////////////////////////////////////////////////////////////////
+	    var options = { 'hostname': 'collectors.sumologic.com',
+						'path': 'https://collectors.sumologic.com/receiver/v1/http/<XXX>',
+						'method': 'POST'
+					};
+		var zippedInput = new Buffer(event.awslogs.data, 'base64');
+
+		zlib.gunzip(zippedInput, function(e, buffer) {
+			if (e) { context.fail(e); }       
+
+			awslogsData = JSON.parse(buffer.toString('ascii'));
+
+			console.log(awslogsData);
+
+			if (awslogsData.messageType === "CONTROL_MESSAGE") {
+				console.log("Control message");
+				context.succeed("Success");
+			}
+
+			var req = https.request(options, function(res) {
+				var body = '';
+				console.log('Status:', res.statusCode);
+				res.setEncoding('utf8');
+				res.on('data', function(chunk) { body += chunk; });
+				res.on('end', function() {
+					console.log('Successfully processed HTTPS response');
+					context.succeed(); });
+			});
+
+			req.on('error', context.fail);
+
+			stream=awslogsData.logStream;
+			group=awslogsData.logGroup;
+
+			curRequestID = null;
+			var re = new RegExp(/RequestId: (\S+) /);
+			awslogsData.logEvents.forEach(function(val, idx, arr) {
+				val.logStream = stream;
+				val.logGroup = group;
+				var rs = re.exec(val.message);
+				if (rs!=null) { curRequestID = rs[1]; }
+				val.requestID = curRequestID;
+				req.write(JSON.stringify(val) + '\n');
+			});
+			req.end();
+		});    
+};
+
