Skip to content

Instantly share code, notes, and snippets.

@qoomon
Last active March 27, 2020 14:21
  • Star 2 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save qoomon/ef4b91f5c304dafbd0688a415afeaf46 to your computer and use it in GitHub Desktop.
DataDog Log Pipeline for Lambda Logs - Grok Parser
#### JSON Rules
#2018-08-22T11:05:02.637Z 4d8b3785-079a-5f47-9b09-647242079aed {"level": "INFO", "message": "that's an interesting message", "user": "john"}
log_json_rule %{date("yyyy-MM-dd'T'HH:mm:ss.SSSZ"):timestamp}\s+%{notSpace:lambda.request_id}\s+%{regex("\\{.*\\}")::json}
#### Plain Text Rules
#2018-08-22T11:05:02.637Z 4d8b3785-079a-5f47-9b09-647242079aed INFO: that's an interesting message
log_level_msg_rule %{date("yyyy-MM-dd'T'HH:mm:ss.SSSZ"):timestamp}\s+%{notSpace:lambda.request_id}\s+%{regex("/(?i)ERROR|WARN|INFO|DEBUG|TRACE/"):level}:?\s+%{data:message}
#2018-08-22T11:05:02.637Z 4d8b3785-079a-5f47-9b09-647242079aed that's an interesting message
log_msg_rule %{date("yyyy-MM-dd'T'HH:mm:ss.SSSZ"):timestamp}\s+%{notSpace:lambda.request_id}\s+%{data:message}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment