A Serverless plugin to transport logs to ElasticSearch
Clone or download

README.md

serverless-es-logs

serverless npm package Build status Coverage status Known Vulnerabilities Renovate

A Serverless plugin for transporting Cloudwatch log groups within your CloudFormation stack into Elasticsearch.

Table of Contents

Installation

Install the plugin in your project:

$ yarn add serverless-es-logs --dev
$ npm install serverless-es-logs --save-dev

Add the plugin to your serverless.yml:

plugins:
  - serverless-es-logs

Usage

Define your configuration using the custom configuration option in serverless.yml:

custom:
  esLogs:
    endpoint: some-elasticsearch-endpoint.us-east-1.es.amazonaws.com
    index: some-index

Your logs will now be transported to the specified elasticsearch instance using the provided index.

Options

endpoint

(Required) The endpoint of the Elasticsearch instance the logs should be transported to.

custom:
  esLogs:
    endpoint: some-elasticsearch-endpoint.us-east-1.es.amazonaws.com

filterPattern

(Optional) The filter pattern that the Cloudwatch subscription should use for your lambda functions. Default is [timestamp=*Z, request_id="*-*", event]. See Cloudwatch filter pattern syntax for more info.

custom:
  esLogs:
    filterPattern: '[timestamp=*Z, request_id="*-*", event]'

includeApiGWLogs

(Optional) An option to be used in conjunction with the serverless-aws-alias plugin. This will capture logs created by API Gateway and transport them to Elasticsearch.

custom:
  esLogs:
    includeApiGWLogs: true

index

(Required) The Elasticsearch index that should be applied to the logs.

custom:
  esLogs:
    index: some-index

retentionInDays

(Optional) The number of days that Cloudwatch logs should persist. Default is to never expire.

custom:
  esLogs:
    retentionInDays: 7

tags

(Optional) Custom tags that should be applied to every log message processed by this plugin and sent to elasticsearch as fields.

custom:
  esLogs:
    tags:
      some_tag: something
      some_other_tag: something_else