I'm new to SumoLogic and trying to determine the best way of aggregating CloudWatch logs for our AWS needs. In my case I have numerous AWS Lambda functions generating CloudWatch logs and these functions group into several independent applications. My thought would be to organize the applications by sourceCategory (i.e. - <DEPT>/App1/Prod, <DEPT>/App2/Prod, etc.), as appears to be the norm for organization in SumoLogic. However, the SumoLogic-provided Lambda functions for collecting CloudWatch logs (https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Amazon-CloudWatch-Logs) essentially send all CloudWatch logs to SumoLogic in one chunk so they can only be assigned a single sourceCategory.
Is there a best practice for this? I could replicate the SumoLogic Lambdas, rename them, and specify a different environment variable for each and achieve what I'm looking for. However, it seems a bit wasteful to replicate everything simply to change the environment var. I'm probably missing something obvious.
If anyone can give me any suggestions or best practices I would greatly appreciate it. I have the opportunity to implement this from scratch at this point and would love to do it the right way from the beginning if possible.