I'm a fan of how the beats/logstash modules work, and can help provide logstash an easier way to break messages up so that we have explicit fields that are not originally in the metadata (ie apache logs).
I'm looking to identify if there is a set of documented knowledge, if not outright tooling, provided for the AWS Service based events that we can get at with Logstash.
something like this: https://help.sumologic.com/Manage/Field-Extractions/Create-a-Field-Extraction-Rule
FunctionBeat may need this capability, but since logstash would be a part of the solution, I'm posting here.