Adding fields 'aws_log_group' and 'aws_log_stream' to flow log and raw log codecs

src/main/java/org/graylog/aws/cloudwatch/CloudWatchLogData.java

@@ -31,6 +31,13 @@
  * </pre>
  */
 public class CloudWatchLogData {
+
     @JsonProperty("logEvents")
     public List<CloudWatchLogEvent> logEvents;
+
+    @JsonProperty("logGroup")
+    public String logGroup;
+
+    @JsonProperty("logStream")
+    public String logStream;
 }

src/main/java/org/graylog/aws/inputs/codecs/CloudWatchFlowLogCodec.java

@@ -36,7 +36,7 @@ public CloudWatchFlowLogCodec(@Assisted Configuration configuration, @AWSObjectM
 
     @Nullable
     @Override
-    public Message decodeLogData(@Nonnull final CloudWatchLogEvent logEvent) {
+    public Message decodeLogData(@Nonnull final CloudWatchLogEvent logEvent, @Nonnull final String logGroup, @Nonnull final String logStream) {
         try {
             final FlowLogMessage flowLogMessage = FlowLogMessage.fromLogEvent(logEvent);
 
@@ -51,6 +51,8 @@ public Message decodeLogData(@Nonnull final CloudWatchLogEvent logEvent) {
                     flowLogMessage.getTimestamp()
             );
             result.addFields(buildFields(flowLogMessage));
+            result.addField("aws_log_group", logGroup);
+            result.addField("aws_log_stream", logStream);
             result.addField(AWS.SOURCE_GROUP_IDENTIFIER, true);
 
             return result;

src/main/java/org/graylog/aws/inputs/codecs/CloudWatchLogDataCodec.java

@@ -44,7 +44,7 @@ public Collection<Message> decodeMessages(@Nonnull RawMessage rawMessage) {
 
             for (final CloudWatchLogEvent logEvent : data.logEvents) {
                 try {
-                    final Message message = decodeLogData(logEvent);
+                    final Message message = decodeLogData(logEvent, data.logGroup, data.logStream);
                     if (message != null) {
                         messages.add(message);
                     }
@@ -60,7 +60,7 @@ public Collection<Message> decodeMessages(@Nonnull RawMessage rawMessage) {
     }
 
     @Nullable
-    protected abstract Message decodeLogData(@Nonnull final CloudWatchLogEvent event);
+    protected abstract Message decodeLogData(@Nonnull final CloudWatchLogEvent event, @Nonnull final String logGroup, @Nonnull final String logStream);
 
     @Nonnull
     @Override

src/main/java/org/graylog/aws/inputs/codecs/CloudWatchRawLogCodec.java

@@ -27,10 +27,18 @@ public CloudWatchRawLogCodec(@Assisted Configuration configuration, @AWSObjectMa
 
     @Nullable
     @Override
-    public Message decodeLogData(@Nonnull final CloudWatchLogEvent logEvent) {
+    public Message decodeLogData(@Nonnull final CloudWatchLogEvent logEvent, @Nonnull final String logGroup, @Nonnull final String logStream) {
         try {
             final String source = configuration.getString(CloudTrailCodec.Config.CK_OVERRIDE_SOURCE, "aws-raw-logs");
-            return new Message(logEvent.message, source, new DateTime(logEvent.timestamp));
+            Message result = new Message(
+                    logEvent.message,
+                    source,
+                    new DateTime(logEvent.timestamp)
+            );
+            result.addField("aws_log_group", logGroup);
+            result.addField("aws_log_stream", logStream);
+
+            return result;
         } catch (Exception e) {
             throw new RuntimeException("Could not deserialize AWS FlowLog record.", e);
         }