|
6 | 6 | from __future__ import print_function |
7 | 7 |
|
8 | 8 | import base64 |
| 9 | +import gzip |
9 | 10 | import json |
10 | | -import urllib |
11 | 11 | import os |
| 12 | +import re |
12 | 13 | import socket |
13 | 14 | import ssl |
14 | | -import re |
| 15 | +import urllib |
15 | 16 | from io import BytesIO, BufferedReader |
16 | | -import gzip |
17 | 17 |
|
18 | 18 | import boto3 |
19 | 19 |
|
@@ -293,53 +293,53 @@ def awslogs_handler(event, context, metadata): |
293 | 293 | with gzip.GzipFile( |
294 | 294 | fileobj=BytesIO(base64.b64decode(event["awslogs"]["data"])) |
295 | 295 | ) as decompress_stream: |
296 | | - # Reading line by line avoid a bug where gzip would take a very long time (>5min) for |
297 | | - # file around 60MB gzipped |
| 296 | + # Reading line by line avoid a bug where gzip would take a very long |
| 297 | + # time (>5min) for file around 60MB gzipped |
298 | 298 | data = "".join(BufferedReader(decompress_stream)) |
299 | 299 | logs = json.loads(str(data)) |
| 300 | + |
300 | 301 | # Set the source on the logs |
301 | 302 | source = logs.get("logGroup", "cloudwatch") |
302 | 303 | metadata[DD_SOURCE] = parse_event_source(event, source) |
303 | | - ##default service to source value |
| 304 | + |
| 305 | + # Default service to source value |
304 | 306 | metadata[DD_SERVICE] = metadata[DD_SOURCE] |
305 | 307 |
|
306 | | - # Send lines to Datadog |
| 308 | + # Build aws attributes |
| 309 | + aws_attributes = { |
| 310 | + "aws": { |
| 311 | + "awslogs": { |
| 312 | + "logGroup": logs["logGroup"], |
| 313 | + "logStream": logs["logStream"], |
| 314 | + "owner": logs["owner"], |
| 315 | + } |
| 316 | + } |
| 317 | + } |
| 318 | + |
| 319 | + # For Lambda logs we want to extract the function name, |
| 320 | + # then rebuild the arn of the monitored lambda using that name. |
| 321 | + # Start by splitting the log group to get the function name |
| 322 | + if metadata[DD_SOURCE] == "lambda": |
| 323 | + log_group_parts = logs["logGroup"].split("/lambda/") |
| 324 | + if len(log_group_parts) > 0: |
| 325 | + function_name = log_group_parts[1].lower() |
| 326 | + # Split the arn of the forwarder to extract the prefix |
| 327 | + arn_parts = context.invoked_function_arn.split("function:") |
| 328 | + if len(arn_parts) > 0: |
| 329 | + arn_prefix = arn_parts[0] |
| 330 | + # Rebuild the arn by replacing the function name |
| 331 | + arn = arn_prefix + "function:" + function_name |
| 332 | + # Add the arn as a log attribute |
| 333 | + arn_attributes = {"lambda": {"arn": arn}} |
| 334 | + aws_attributes = merge_dicts(aws_attributes, arn_attributes) |
| 335 | + # Add the function name as tag |
| 336 | + metadata[DD_CUSTOM_TAGS] += ",functionname:" + function_name |
| 337 | + # Set the arn as the hostname |
| 338 | + metadata[DD_HOST] = arn |
| 339 | + |
| 340 | + # Create and send structured logs to Datadog |
307 | 341 | for log in logs["logEvents"]: |
308 | | - # Create structured object and send it |
309 | | - structured_line = merge_dicts( |
310 | | - log, |
311 | | - { |
312 | | - "aws": { |
313 | | - "awslogs": { |
314 | | - "logGroup": logs["logGroup"], |
315 | | - "logStream": logs["logStream"], |
316 | | - "owner": logs["owner"], |
317 | | - } |
318 | | - } |
319 | | - }, |
320 | | - ) |
321 | | - ## For Lambda logs, we want to extract the function name |
322 | | - ## and we reconstruct the the arn of the monitored lambda |
323 | | - # 1. we split the log group to get the function name |
324 | | - if metadata[DD_SOURCE] == "lambda": |
325 | | - loggroupsplit = logs["logGroup"].split("/lambda/") |
326 | | - if len(loggroupsplit) > 0: |
327 | | - functioname = loggroupsplit[1].lower() |
328 | | - # 2. We split the arn of the forwarder to extract the prefix |
329 | | - arnsplit = context.invoked_function_arn.split("function:") |
330 | | - if len(arnsplit) > 0: |
331 | | - arn_prefix = arnsplit[0] |
332 | | - # 3. We replace the function name in the arn |
333 | | - arn = arn_prefix + "function:" + functioname |
334 | | - # 4. We add the arn as a log attribute |
335 | | - structured_line = merge_dicts(log, {"lambda": {"arn": arn}}) |
336 | | - # 5. We add the function name as tag |
337 | | - metadata[DD_CUSTOM_TAGS] = ( |
338 | | - metadata[DD_CUSTOM_TAGS] + ",functionname:" + functioname |
339 | | - ) |
340 | | - #6 we set the arn as the hostname |
341 | | - metadata[DD_HOST] = arn |
342 | | - yield structured_line |
| 342 | + yield merge_dicts(log, aws_attributes) |
343 | 343 |
|
344 | 344 |
|
345 | 345 | # Handle Cloudwatch Events |
|
0 commit comments