Open jpb-Cloudy-McCloudFace opened 7 years ago
IanMeyers
commented
7 years ago If memory serves, CloudWatch Log Streams are Gzipped. You will need to create an instance of the transformer.js function which decompresses the data and outputs it as UTF-8 text.
hurleyit
commented
7 years ago I'm working on this pretty heavily at the moment. I think beyond figuring out how to write a custom transformer (I'm new to node but I've figured it out), I ran into a problem with this line:
var dataItem = serviceName === KINESIS_SERVICE_NAME ? new Buffer(userRecord.data, 'base64').toString(targetEncoding) : userRecord;
I think converting it to the targetEncoding (here utf8) before unzipping causes issues. Since most of the transformers also attempt to do the encoding convert, might it be possible to remove this one?
Would you be open to having a transformer in the code base for CloudWatch logs since I'm guessing it will be a fairly popular use case?
IanMeyers
commented
7 years ago You are correct - since the input data for CWL is gzipped, this will fail. Happy to take a PR and a transformer just for CWL makes perfect sense.
Nascentes
commented
7 years ago @djjesseb : I have recently done this exact configuration for an environment. +1 to @IanMeyers comment WRT to gzipped source files. Here is a resource that helped me exponentially with understanding the data flow so that I could adopt it to suit my needs:
https://mike.lapidak.is/thoughts/exporting-cloudwatch-logs-to-s3-lambda
I am using a CWL Destination sending to a Stream and then using your Lambda to send it on to Firehose - S3, no Firehose compression or encryption. The files that show up look like some strange unicode format. Is there an issue with using a Destination as a CWL subscription to Kinesis stream here?
Example file contents in S3: