Der OpenAdvice Blog

Montag, 15. März 2021

How to send AWS CloudWatch Logs and Metrics to Humio by using AWS Lambda

This article breaks down the bits and pieces on how to use an AWS Lambda function to send your AWS CloudWatch logs, metrics and other data to Humio. However, before we dig into this process, we’ll have a look on the different platforms involved. 

So, let’s begin with AWS Lambda. Launched in 2014, it's a serverless compute service allowing us­­­­ers to run code with minimal admin. Essentially, it provides a service with your code and allocates the required compute ressources to run it for you. This automatic management makes the service incredibly user friendly - basically, bring your own code and let AWS do the heavy lifting. The main benefits offered to users are that you won’t have any servers to manage, reliable performance at any scale and continuous scaling for that matter, and the ability to manage costs down to the millisecond. 

A Lambda function is an individual function that is a simple, short, function, defined also as a throwaway function. It has been designed to be used inline in code. 

Next is AWS’ CloudWatch platform. This service gives you insights into the overall operational health of your applications. Think of it as your man on the inside - giving you data that you can action to improve and monitor performance. With this platform you will also get logs and metrics to indicate how everything is running, so you can ensure things are running as they should be. 

With any project, accurate and timely monitoring is key. You need an efficient platform that can deliver the insights you need. Enter, Humio. If CloudWatch is finding your issues, Humio lets you know where they are and what to do. It will analyze the metrics and logs it receives and give you alerts when issues or events occur, and if there are any parameters exceeded. It will also store all events it has logged so you have a record of the ongoing activity of your applications. 

So, now we know the components, let’s look at how you can use Lambdas to send CloudWatch logs and metrics to Humio. Basically, we want to create a channel of communication between Humio and AWS, so CloudWatch can provide data and then Humio can be used to manage this data. 

Thanks to a new CloudWatch integration, your AWS cloud watch logs and metrics data will be sent to Humio via Lambda functions. The integration works by installing five Lambda functions:

  • HumioCloudWatchLogsIngester,
  • HumioCloudWatchLogsSubscriber,
  • HumioCloudWatchLogsBackfiller,
  • HumioCloudWatchMetricIngester,
  • HumioCloudWatchMetricStatisticsIngester.

The most noteworthy of these 5 functions are the HumioCloudWatchMetricIngester and the HumioCloudMetricStatisticsIngester. These two functions will take care of the delivery of your metrics to Humio using the GetMetricData and GetMetricStatisics actions respectively from the CloudWatch API reference.

The other three will take care of logging events, logging groups every time a new one is created and numbering each of your existing CloudWatch groups. Configuring these functions to your needs will set up the Lambda functions to deliver the CloudWatch insights you need to Humio, giving you data points you can action! 

For CloudWatch Logs, you’ll use the following Lambdas: 

  • HumioCloudWatchLogsIngester,
  • HumioCloudWatchLogsSubscriber,
  • HumioCloudWatchLogsBackfiller.

Whether in combination, or on their own, each of these Lambdas can be tailored for the specific insights you need. 

For CloudWatch metrics, you can use either of the following:

  • HumioCloudWatchMetricIngester or
  • HumioCloudWatchMetricStatisticsIngester.

These have pre-defined parameters, but these can be changed. 

The first 3 Lambdas will focus mainly on log groups you would monitor. Depending on which you configure to be true, you will receive slightly different information. If you would like to monitor all log groups, you can use HumioCloudWatchLogsBackfiller or for single log data (subscribing the log ingester to one group at a time) you can use the HumioCloudWatchLogsSubscriber. 

The final two Lambdas work as requests to the AWS CloudWatch API through a boto3 client, which will then fetch the number of lambda invocations and/or errors made for the last 15 minutes. (HumioCloudWatchMetricIngester for just invocations and HumioCloudWatchMetricStatisticsIngester for both invocations and errors).  This will be followed by the integration adding a Humio event for each timestamp retrieved. These can be customized, depending on what information you’d like the integration to deliver.

These 5 Lambdas work together, to monitor log groups and report back information in regular cycles. Once configured, these AWS insights will show up in Humio, opening the channel of communication you need between the platforms! 

Using this integration, you’ll be able to receive metrics and logs in Humio from CloudWatch via these Lambda functions, allowing you to monitor applications efficiently. The best way to solve problems is to know where they are occurring, and this integration offers you this insight.