Sumo Logic Lambda Variable Overrides

Follow

John Doyle

• April 03, 2017 18:16

Hey, I've implemented the sumologic lambda and the messages are being received, yet the override values do not appear to be working. My raw message would be in the following format: { "timestamp":1491242830607, "message":"2017-04-03T18:07:10.607Z - info: functions/queue-monitor/index.js : {\"message\":\"ConsumerJSONQueue=0\",\"_sumo_metadata\":{\"category\":\"connect/prod\",\"source\":\"prod Connect Queue Monitor\",\"host\":\"connect/monitor\"}}", "logStream":"2017/04/03/[$LATEST]2326f23ac1b343b797b293754f0d64f9", "logGroup":"/aws/lambda/connect-queue-monitor-prod-queue-monitor", "requestID":"-" } So my _sumo_metadata has been processed by JSON.stringify and is part of the message property.

0

• 

  duc+appdev

  • May 10, 2017 21:21

  If you want to override the metadata when sending to Sumo, you need to specify the values in the request headers (https://help.sumologic.com/Send_Data/Sources/02Sources_for_Hosted_Collectors/HTTP_Source/Upload_Data_to_an_HTTP_Source). This way the metadata will be populated by the Http source AT ingestion Alternatively, you can create Field extraction rule(s) that extra metadata from the log and overwrite the existing values created by the Http source POST ingestion.

  0

  Permalink

Please sign in to leave a comment.