Sending log data to AWS lambda function

Question

Hi All,

I want to create a alert on log group if there a new entry in a log stream or a new log stream registered in a cloud-watch log group.

I have tried the AWS event bridge rule for AWS cloud-watch log but did not helped. Below is the event pattern i have tried.
{
  "source": ["aws.logs"],
  "detail-type": ["AWS API Call via CloudTrail"],
  "detail": {
    "eventSource": ["logs.amazonaws.com"],
    "eventName": ["CreateLogGroup"],
    "requestParameters": {
      "logGroupName": ["YourLogGroupName"]
    }
  }
}
This pattern did not triggered target lambda function not sure the event pattern is correct.
 
I have tried Subscription filters with AWS Lambda. But the limitation here is one subscription filter for  one log stream. In my log group i have multiple log stream if 1 subscription filter for 1 log stream will create a lot of in my case. I want to check is there a way 1 single subscription pattern for whole log group.

Accepted Answer

CloudWatch Logs subscription filters are actually created on the Log Group and not the Log Stream. So you do not have the limitation that you described.

if you prefer to use EventBridge, I recommend that you create a Catch all rule that will send the events to CloudWatch Logs to see the exact structure of the event.

Answer

Hi. How about sending CW logs to Kinesis Streams and, consume streams from Lambda

https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html

Sending log data to AWS lambda function

Relevant content