Issue #13: JSON logs appear in Sumo as strings by surfous · Pull Request #14 · SumoLogic/sumologic-lambda-extensions

PR Details

Address Issue 13: JSON logs appear in Sumo as strings

Currently, when using the Sumo reflector Lambda to forward CloudWatch Logs for Lambdas to Sumo, log messages which are purely JSON are left as JSON so Sumo auto-parse works on them. I found that the reflector specifically looks for JSON logs to handle them accordingly: https://github.com/SumoLogic/sumologic-aws-lambda/blob/90f280daf89d13d7f672101c5b3eec7081713a8b/cloudwatchlogs/cloudwatchlogs_lambda.js#L197-L203

The lambda extension formats all log messages as strings, even if they are JSON, which causes the JSON to have all double quotes escaped, requiring further parsing in queries and making for slower queries.

Description

In enhanceLogs, attempt to marshal log entry body as JSON into a map.
If successful, use the map as the log item message.
If unsuccessful, use the log entry body as a string as the log item message.

Built and deployed to a pre-prod AWS org where I was testing the public published extension, and configured my lambda to use this modified version in the PR, and I see JSON log messages being handled as expected now.

Related Issue

#13

Checklist

  • Updated CHANGELOG.md. (didn't find a change log in the project)
  • Ran unit tests locally.
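
The fallback described under Description, sketched in Go as an added example; this is not code from the pull request or the SumoLogic repository. `logItem`, `messageFor` and `encode` are hypothetical names, and the sample log bodies are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// logItem is a hypothetical stand-in for the record the extension forwards.
type logItem struct {
	Message interface{} `json:"message"`
}

// messageFor returns a map when body is a JSON object and the
// unchanged string otherwise (plain text, arrays, scalars, null).
func messageFor(body string) interface{} {
	var obj map[string]interface{}
	if err := json.Unmarshal([]byte(body), &obj); err == nil && obj != nil {
		return obj
	}
	return body
}

// encode serializes one log item; parse=false reproduces the
// string-only behaviour that escapes every double quote.
func encode(body string, parse bool) string {
	item := logItem{Message: body}
	if parse {
		item.Message = messageFor(body)
	}
	out, err := json.Marshal(item)
	if err != nil {
		return ""
	}
	return string(out)
}

func main() {
	// Constructed sample log bodies.
	samples := []string{
		`{"level":"info","msg":"ok"}`,
		`START RequestId: 0000 Version: $LATEST`,
		`[1,2]`,
	}
	for _, s := range samples {
		fmt.Printf("string: %s\nparsed: %s\n\n", encode(s, false), encode(s, true))
	}
}
```

Decoding into `map[string]interface{}` turns every JSON number into a `float64`, so integer fields above 2^53 (some IDs and nanosecond timestamps) can change value when re-encoded.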