Configure A Cloud Watch Subscription Filter To Send Logs To Specific AWS Open Search Index Alias

0

I am trying to create a Cloud Watch subscription filter to send logs to a specific index in AWS Open Search.

When I create the subscription filter through the AWS Cloud Watch Console, a Lambda function gets automatically created with the index name baked in.

I have created a custom state-managed index with a specific retention policy. Because new indexes will be created by the state management policy over time, I can't directly specify the index name in the Lambda function code. Because of this, I guess I need to modify the Lambda function to use the index alias rather than the actual index name.

Can anyone provide an explanation or example of how to achieve this?

2 Answers
0

Hi,

You can update the code of the Lambda that was automatically created to send the logs to Open Search.

Look at https://repost.aws/knowledge-center/opensearch-stream-data-cloudwatch. It is for another use case, cross-account Open Search indexing, but the sections "Set up CloudWatch Logs in Account A" and "Configure Lambda in Account A" apply to your use case. Use this second section up to step #3 and modify the code to use your index alias instead of the initially generated index.

Best,

Didier

AWS
EXPERT
answered 7 months ago
EXPERT
reviewed 7 months ago
0

Thanks for the suggestion, but the linked article did not cover my use case. After a further review of the Lambda function code that is created by the subscription filter, it was the indexName variable that needed to be changed. The default code (lines 63-67) is this:

var indexName = [
    'cwl-' + timestamp.getUTCFullYear(),              // year
    ('0' + (timestamp.getUTCMonth() + 1)).slice(-2),  // month
    ('0' + timestamp.getUTCDate()).slice(-2)          // day
].join('.');

In order to send the logs to an AWS Open Search index alias I modified the code to this:

var indexName = 'index-alias';

After this change I was successfully able to ingest logs to my required index.

answered 7 months ago
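
The following is an added example, not part of the answers above and not the AWS-generated function: it builds the `_bulk` request body against an alias taken from configuration instead of a hard-coded or date-derived name. The `INDEX_ALIAS` environment variable, the function names, the `@`-prefixed field names and the sample payload are assumptions made for illustration.

```javascript
// Added example. INDEX_ALIAS is a hypothetical environment variable.
// Conservative subset of valid names: rejects wildcards, commas, uppercase, leading '_' or '-'.
const ALIAS_PATTERN = /^[a-z0-9][a-z0-9._-]{0,254}$/;

function resolveTarget(env) {
    const alias = (env.INDEX_ALIAS || '').trim();
    if (!ALIAS_PATTERN.test(alias)) {
        throw new Error('INDEX_ALIAS is missing or not a valid alias name');
    }
    return alias;
}

// payload: a CloudWatch Logs subscription message that has already been
// base64-decoded and gunzipped. Returns the NDJSON body for POST /_bulk,
// or null when there is nothing to index.
function buildBulkBody(payload, target) {
    if (payload.messageType !== 'DATA_MESSAGE') {
        return null; // CONTROL_MESSAGE records carry no log events
    }
    const lines = [];
    for (const logEvent of payload.logEvents) {
        // The action line names the alias; the cluster routes the write to
        // the backing index currently marked as the alias's write index.
        lines.push(JSON.stringify({ index: { _index: target, _id: logEvent.id } }));
        lines.push(JSON.stringify({
            '@id': logEvent.id,
            '@timestamp': new Date(logEvent.timestamp).toISOString(),
            '@message': logEvent.message,
            '@owner': payload.owner,
            '@log_group': payload.logGroup,
            '@log_stream': payload.logStream,
        }));
    }
    return lines.length ? lines.join('\n') + '\n' : null;
}

// Constructed sample payload (not real log data).
const samplePayload = {
    messageType: 'DATA_MESSAGE',
    owner: '111122223333',
    logGroup: '/example/app',
    logStream: 'stream-1',
    logEvents: [
        { id: 'evt-1', timestamp: 1704067200000, message: 'login ok' },
        { id: 'evt-2', timestamp: 1704067201000, message: 'login failed' },
    ],
};
```

Because `_id` uniqueness is per index, a delivery that is retried after the alias has rolled over to a new backing index can produce a duplicate document.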
