How can I get CloudWatchLogs to Elastic as JSON?

DanielInacio · August 15, 2022, 12:41pm

Hi everyone

Basically, I have a CloudFormation Stack in AWS, which currently uses the AWS Lambda ElasticForwarder to POST CloudFormation logs into an Elasticsearch stream.

The messages are JSON dictionaries but they are not recognised as a JSON structure since they still appear as a string in the message field.

I wanted to change the configuration in AWS to detect "json_content_type", as shown in this link but no results.

Can some one help me out on how to properly configure the ElasticForwarder so that messages are sent as JSON into Elastic?

Thank you

matschaffer · August 22, 2022, 7:08am

Welcome @DanielInacio !

You should be able to set json_content_type similarly to how you'd set expand_event_list_from_field.

Just include json_content_type: single as part of the input config, or set ndjson if your messages contain multiple newline-delimited JSON.

system · September 19, 2022, 7:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic serverless forwarder json formatting Elasticsearch	2	194	December 25, 2023
How to extract JSON from lambda-generated cloudwatch logs with Functionbeat? Beats functionbeat	1	667	July 19, 2021
Same field different types (primitive vs. complex) Elasticsearch	3	381	March 6, 2020
Elastic Serverless Forwarder not able to send Cloudwatch Logs to Elastic Elastic Observability	1	209	August 29, 2023
Logstash Plugin for Cloudwatch logs Logstash	6	12278	April 26, 2018

How can I get CloudWatchLogs to Elastic as JSON?

Related topics