How can I get CloudWatchLogs to Elastic as JSON?

DanielInacio · August 15, 2022, 12:41pm

Hi everyone

Basically, I have a CloudFormation Stack in AWS, which currently uses the AWS Lambda ElasticForwarder to POST CloudFormation logs into an Elasticsearch stream.

The messages are JSON dictionaries but they are not recognised as a JSON structure since they still appear as a string in the message field.

I wanted to change the configuration in AWS to detect "json_content_type", as shown in this link but no results.

Can some one help me out on how to properly configure the ElasticForwarder so that messages are sent as JSON into Elastic?

Thank you

matschaffer · August 22, 2022, 7:08am

Welcome @DanielInacio !

You should be able to set json_content_type similarly to how you'd set expand_event_list_from_field.

Just include json_content_type: single as part of the input config, or set ndjson if your messages contain multiple newline-delimited JSON.

system · September 19, 2022, 7:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.