Sumo Logic Lambda Variable Overrides
Hey, I've implemented the sumologic lambda and the messages are being received, yet the override values do not appear to be working. My raw message would be in the following format: { "timestamp":1491242830607, "message":"2017-04-03T18:07:10.607Z - info: functions/queue-monitor/index.js : {\"message\":\"ConsumerJSONQueue=0\",\"_sumo_metadata\":{\"category\":\"connect/prod\",\"source\":\"prod Connect Queue Monitor\",\"host\":\"connect/monitor\"}}", "logStream":"2017/04/03/[$LATEST]2326f23ac1b343b797b293754f0d64f9", "logGroup":"/aws/lambda/connect-queue-monitor-prod-queue-monitor", "requestID":"-" } So my _sumo_metadata has been processed by JSON.stringify and is part of the message property.
-
If you want to override the metadata when sending to Sumo, you need to specify the values in the request headers (https://help.sumologic.com/Send_Data/Sources/02Sources_for_Hosted_Collectors/HTTP_Source/Upload_Data_to_an_HTTP_Source). This way the metadata will be populated by the Http source AT ingestion Alternatively, you can create Field extraction rule(s) that extra metadata from the log and overwrite the existing values created by the Http source POST ingestion.
Please sign in to leave a comment.
Comments
1 comment