Skip to content

Instantly share code, notes, and snippets.

@shortstack

shortstack/cloudwatch_to_logstash.py

Created January 13, 2021 18:08
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save shortstack/12988470c12a269d197a84bfe7b642c8 to your computer and use it in GitHub Desktop.
Save shortstack/12988470c12a269d197a84bfe7b642c8 to your computer and use it in GitHub Desktop.
Download ZIP
Python lambda to ship logs from Cloudwatch to Logstash
Raw
cloudwatch_to_logstash.py
#!/usr/bin/env python3
import socket
import sys
import json
import zlib
import copy
import base64
import re
import ssl
import logging
logger = logging.getLogger()
logger.setLevel(logging.INFO)
host = os.getenv('LOGSTASH_HOST')
port = os.getenv('LOGSTASH_PORT')
def transform(data):
new_data = copy.deepcopy(data)
if "timestamp" in data:
del new_data["timestamp"]
new_data["lambda_timestamp"] = data["timestamp"]
return new_data
def send_log(data):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
s = context.wrap_socket(s)
s.connect((host, int(port)))
s.sendall(str(json.dumps(data)).encode("utf-8"))
s.send("\n".encode("utf-8"))
s.close()
def lambda_handler(event, context):
decompressed = zlib.decompress(base64.b64decode(event["awslogs"]["data"]), 16 + zlib.MAX_WBITS)
try:
data = json.loads(decompressed)
except Exception as e:
return
for str_event in data["logEvents"]:
send_log(transform(str_event))
if __name__ == "__main__":
lambda_handler(None, None)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment