Implementing a Filter Pattern for Forwarding Log Events to Lambda
Question
You have deployed a Java application in an AWS Auto Scaling group.
The application has sent its logs to an AWS CloudWatch Log Group.
You want to deliver the log events from the CloudWatch Log Group to a Lambda function in real-time for custom processing and analysis.
As the Lambda function is designed to process only the logs that contain certain keywords, you need a filter pattern that defines which log events should be forwarded.
How would you implement this?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer : B.
Option A is incorrect because a metric filter is used to search and filter the log data and turn log data into CloudWatch metrics.
However, it cannot forward log events to a Lambda function in real time.
Option B is CORRECT because a subscription filter can forward logs to services such as an Amazon Kinesis stream, an Amazon Kinesis Data Firehose stream, or AWS Lambda in real-time.
You can also define a filter pattern in the subscription filter.
Please check the following references for details.
Option C is incorrect because the “Export results” feature of CloudWatch Log Stream is used to download the log events.
It cannot forward logs to a Lambda function in real-time.
Option D is incorrect because in CloudWatch Log Group, you cannot directly export the log data to a Lambda function.
You would need to create a subscription filter for this task.
Reference:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions.html https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/SubscriptionFilters.html#LambdaFunctionExampleThe correct answer to this question is B. In the CloudWatch Log Group, create a subscription filter that sends the log data to the AWS Lambda function. Set up the filter pattern in the subscription filter to specify which logs are forwarded.
Explanation: AWS CloudWatch is a monitoring service provided by Amazon that allows you to collect and store log data and metrics from different AWS resources. AWS Lambda is a compute service provided by Amazon that allows you to run code without provisioning or managing servers.
To deliver log events from the CloudWatch Log Group to a Lambda function in real-time, you can use a subscription filter. A subscription filter specifies the filter pattern that you want to apply to the log data and the AWS resource to which you want to stream the matching log events in real-time.
The filter pattern is a string that CloudWatch Logs uses to match log events and route them to the specified destination. In this case, the destination is the Lambda function. The filter pattern can be a simple string or a complex regular expression that matches against the log events.
To set up a subscription filter in the CloudWatch Log Group, follow these steps:
- Open the CloudWatch console, and select the log group that contains the logs that you want to forward to Lambda.
- Click the "Actions" dropdown menu and select "Create Metric Filter."
- In the "Define Logs Metric Filter" page, specify the filter pattern that matches the logs you want to forward to Lambda.
- In the "Define Logs Metric Filter" page, select the "Lambda function" option under "Metric Details".
- In the "Define Logs Metric Filter" page, select the Lambda function that you want to forward the logs to.
- Click "Create Metric Filter" to create the subscription filter.
Once the subscription filter is created, CloudWatch will automatically forward the log events that match the filter pattern to the specified Lambda function in real-time.
Option A is incorrect because metric filters are used to extract and aggregate metrics from log data, not to stream log events to Lambda.
Option C is incorrect because the "Export results" feature is used to export log data to Amazon S3, not to forward log events to Lambda.
Option D is incorrect because there is no "Export data to Lambda" feature in CloudWatch.
