aws-samples / siem-on-amazon-opensearch-service

A solution for collecting, correlating and visualizing multiple types of logs to help investigate security incidents.
MIT No Attribution

fix: allow multiple events in a cwl event #428

Open alemairebe opened 8 months ago

alemairebe commented 8 months ago

This change allows the use of 'delimiters' in addition to CloudWatch Logs events split. In my case, it is useful to get SecurityHub Findings via CloudWatch Logs. https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-all-findings.html My current customer did that setup following an LAZ guideline.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

alemairebe commented 8 months ago

Main difference versus the 2 other PRs about this is the use of value_from_nesteddict_by_dottedkey to allow getting json_delimiter = detail.findings instead of json_delimiter = findings.
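To illustrate the splitting behaviour the PR describes, here is an added, self-contained Python example (not code from the PR or the project): a hypothetical reimplementation of a dotted-key lookup, used to split one CloudWatch Logs message carrying an EventBridge-style Security Hub record into one event per finding. The `split_cwl_message` helper and the sample message are constructed for this example; the project's real function signatures may differ.

```python
import json
from typing import Any, List


def value_from_nesteddict_by_dottedkey(data: dict, dotted_key: str) -> Any:
    """Follow a dotted key such as 'detail.findings' through nested dicts.

    Hypothetical reimplementation for this example. Returns None as soon as
    a path component is missing or the current value is not a dict, so a
    top-level key like 'findings' does not accidentally match nested data.
    """
    current: Any = data
    for part in dotted_key.split("."):
        if not isinstance(current, dict) or part not in current:
            return None
        current = current[part]
    return current


def split_cwl_message(message: str, json_delimiter: str) -> List[dict]:
    """Split a single CloudWatch Logs message into per-finding events.

    If the value at json_delimiter is a list, each element becomes its own
    event; otherwise the whole record is kept as one event so that a
    misconfigured delimiter degrades to the previous behaviour rather than
    dropping the log line.
    """
    record = json.loads(message)
    nested = value_from_nesteddict_by_dottedkey(record, json_delimiter)
    if not isinstance(nested, list):
        return [record]
    return nested


# Constructed sample: one log event wrapping two Security Hub findings under
# detail.findings, as an EventBridge -> CloudWatch Logs rule would deliver them.
SAMPLE_MESSAGE = json.dumps({
    "detail-type": "Security Hub Findings - Imported",
    "detail": {"findings": [
        {"Id": "example-finding-1", "Title": "Example 1",
         "Severity": {"Label": "HIGH"}},
        {"Id": "example-finding-2", "Title": "Example 2",
         "Severity": {"Label": "LOW"}},
    ]},
})

if __name__ == "__main__":
    for event in split_cwl_message(SAMPLE_MESSAGE, "detail.findings"):
        print(event["Id"], event["Severity"]["Label"])
```

With `json_delimiter = findings` the lookup misses the nested list and the message stays a single event, which is the difference this PR addresses.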