Skip to content

refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only log message #996

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Parent: AWS Forwarder v5
merged 2 commits into from
Sep 30, 2025
Merged

refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only log message #996

merged 2 commits into from
Sep 30, 2025

Conversation

@ViBiOh
Copy link
Contributor

@ViBiOh ViBiOh commented Sep 25, 2025
edited
Loading

What does this PR do?

Fix a behavior of running the INCLUDE_AT_MATCH and EXCLUDE_AT_MATCH against the JSON dump of the log being sent to Datadog instead of the log as received.

This is a BREAKING CHANGE if regexes where defined for JSON escaped string.

Previously, filtering a the status field of a JSON log was possible like this

\\\"status:\":\s*5\d\d

Now, it will be like this

"status":\s*5\d\d

Motivation

The Regex was hard to reason about. Searching for the regex in a log file was working but not in the forwarder, this leaded to some support from customers.

Testing Guidelines

Additional Notes

Types of changes

  • Bug fix
  • New feature
  • Breaking change
  • Misc (docs, refactoring, dependency upgrade, etc.)

Check all that apply

  • This PR's description is comprehensive
  • This PR contains breaking changes that are documented in the description
  • This PR introduces new APIs or parameters that are documented and unlikely to change in the foreseeable future
  • This PR impacts documentation, and it has been updated (or a ticket has been logged)
  • This PR's changes are covered by the automated tests
  • This PR collects user input/sensitive content into Datadog
  • This PR passes the integration tests (ask a Datadog member to run the tests)
  • This PR passes the unit tests
  • This PR passes the installation tests (ask a Datadog member to run the tests)

@ViBiOh
refactor(aws)!: AWSX-1703 Change matching of regex. Previously done a…
f119e13 
…gainst JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>
@ViBiOh ViBiOh requested a review from a team as a code owner September 25, 2025 14:54
@github-actions github-actions bot added the aws label Sep 25, 2025
@ViBiOh ViBiOh changed the title refactor(aws)!: AWSX-1703 Change matching of regex. Previously done a… refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only log message Sep 26, 2025
@ViBiOh
fixup! refactor(aws)!: AWSX-1703 Change matching of regex. Previously…
59b7ea5 
… done against JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>
@ge0Aja ge0Aja self-assigned this Sep 26, 2025
ge0Aja
ge0Aja reviewed Sep 26, 2025
View reviewed changes
aws/logs_monitoring/forwarder.py
logs_to_forward = filter_logs(
logs_to_forward, INCLUDE_AT_MATCH, EXCLUDE_AT_MATCH
)
if matcher.match(evaluated_log):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should properly catch the exception raised by the matcher here and maybe log a warn?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The previous behavior was to catch the exception and raise a new one. I think it's better to crash in this case. Otherwise Lambda will "succeed" but with bad filtering which is hidding a problem.

ge0Aja
ge0Aja approved these changes Sep 26, 2025
View reviewed changes
Copy link
Contributor

@ge0Aja ge0Aja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, minor comment about exception handling

@ViBiOh ViBiOh merged commit a943b43 into aws-forwarder-v5-preparation Sep 30, 2025
7 checks passed
@ViBiOh ViBiOh deleted the vibioh/AWSX-1703_regex_matcher branch September 30, 2025 12:01
ViBiOh added a commit that referenced this pull request Oct 2, 2025
@ViBiOh
refactor(aws)!: AWSX-1703 Change matching of regex. Previously done a…
c999538 
…gainst JSON, now only log message (#996)

* refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

---------

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>
ViBiOh added a commit that referenced this pull request Oct 6, 2025
@ViBiOh
refactor(aws)!: AWSX-1703 Change matching of regex. Previously done a…
198a756 
…gainst JSON, now only log message (#996)

* refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

---------

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>
ViBiOh added a commit that referenced this pull request Oct 8, 2025
@ViBiOh
refactor(aws)!: AWSX-1703 Change matching of regex. Previously done a…
4df1098 
…gainst JSON, now only log message (#996)

* refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

---------

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>
@ge0Aja ge0Aja mentioned this pull request Oct 9, 2025
Open
ViBiOh added a commit that referenced this pull request Oct 23, 2025
@ViBiOh @RaphaelAllier @ge0Aja
AWS Forwarder v5 (#1010)
c36a79d 
* refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only log message (#996)

* refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! refactor(aws)!: AWSX-1703 Change matching of regex. Previously done against JSON, now only on log

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

---------

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* feat(aws)!: Drop deprecated TCP support (#1000)

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* feat(aws)!: Remove deprecated PrivateLink env variable (#1002)

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* docs(aws): Removing JSON explanation in the include at match documentation (#1007)

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* Add environment variable to support backend storage tag enrichment (#1006)

* feat(aws): AWSX-1566 Adding storage tag HTTP header

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* feat(aws): AWSX-1566 Adding new variable in the cloudformation template

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* feat: AWSX-1566 Restoring fetch in the integration test to see metrics

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! feat: AWSX-1566 Restoring fetch in the integration test to see metrics

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* docs(aws): AWSX-1566 Refine documentation around the new variable

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

---------

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fix(aws): Fixing discrepancies of the fetch configuration between cloudformation and code

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* feat: Add a changelog for the v5 (#1009)

* feat: Add a changelog for the v5

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! feat: Add a changelog for the v5

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* Update aws/logs_monitoring/CHANGELOG.md

Co-authored-by: Raphaël Allier <118757729+RaphaelAllier@users.noreply.github.com>

* fixup! Update aws/logs_monitoring/CHANGELOG.md

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

---------

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>
Co-authored-by: Raphaël Allier <118757729+RaphaelAllier@users.noreply.github.com>

* Update aws/logs_monitoring/CHANGELOG.md

Co-authored-by: Georgi <georgi.ajaeiya@datadoghq.com>

* Update aws/logs_monitoring/CHANGELOG.md

Co-authored-by: Georgi <georgi.ajaeiya@datadoghq.com>

* Update aws/logs_monitoring/CHANGELOG.md

Co-authored-by: Georgi <georgi.ajaeiya@datadoghq.com>

* Update aws/logs_monitoring/CHANGELOG.md

Co-authored-by: Georgi <georgi.ajaeiya@datadoghq.com>

* Update aws/logs_monitoring/CHANGELOG.md

Co-authored-by: Georgi <georgi.ajaeiya@datadoghq.com>

* docs: Updating changelog from comments

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! docs: Updating changelog from comments

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* Add reference to the changelog in README (for public doc) (#1011)

* feat: Add link to the changelog in the read toe reflect the documentation

The readme is feeding this page https://docs.datadoghq.com/logs/guide/forwarder/?tab=cloudformation

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! feat: Add link to the changelog in the read toe reflect the documentation

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

---------

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* refactor: Improve error handling for exception (#1012)

* refactor: Improve error handling for exception

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! refactor: Improve error handling for exception

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* fixup! refactor: Improve error handling for exception

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

---------

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

* Update aws/logs_monitoring/lambda_function.py

Co-authored-by: Georgi <georgi.ajaeiya@datadoghq.com>

* fixup! Update aws/logs_monitoring/lambda_function.py

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>

---------

Signed-off-by: Vincent Boutour <vincent.boutour@datadoghq.com>
Co-authored-by: Raphaël Allier <118757729+RaphaelAllier@users.noreply.github.com>
Co-authored-by: Georgi <georgi.ajaeiya@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ge0Aja ge0Aja ge0Aja approved these changes

Assignees

@ge0Aja ge0Aja

Labels

aws

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ViBiOh @ge0Aja