Using the example straight from documentation, in a lambda function I put:
console.log(
{
"eventType": "UpdateTrail",
"sourceIPAddress": "111.111.111.111",
"arrayKey": [
"value",
"another value"
],
"objectList": [
{
"name": "a",
"id": 1
},
{
"name": "b",
"id": 2
}
],
"SomeObject": null,
"ThisFlag": true
})
I then create a logs metric filter in CloudWatch with a filter pattern as specified in the docs example:
{ $.eventType = "UpdateTrail" }
The filter doesn't generate a metric like the documentation says it should - here's the output:
2017-10-23T13:27:19.320Z 1143e2b0-eea6-4225-88c0-efcd79055f7b { eventType: 'UpdateTrail',
sourceIPAddress: '111.111.111.111',
arrayKey: [ 'value', 'another value' ],
objectList: [ { name: 'a', id: 1 }, { name: 'b', id: 2 } ],
SomeObject: null,
ThisFlag: true }
So as you can see the timestamp and the identifier are prepended to the JSON.
An answer in Amazon Cloudwatch log filtering - JSON syntax says it is because Lambda turns logs into a string. How to parse mixed text and JSON log entries in AWS CloudWatch for Log Metric Filter says much the same. A solution isn't offered in either case. How do you filter CloudWatch logs from Lambda with a JSON Metric Filter?
Look at what the log line actually looks like. If you see something like this, it's not a valid json:
{ eventType: 'UpdateTrail', ... }
What you want is something like this (note the quotation):
{ "eventType": "UpdateTrail", ...}
To get that, try to wrap your object in JSON.stringify(), like this:
console.log(
JSON.stringify(
{
"eventType": "UpdateTrail",
"sourceIPAddress": "111.111.111.111",
"arrayKey": [
"value",
"another value"
],
"objectList": [
{
"name": "a",
"id": 1
},
{
"name": "b",
"id": 2
}
],
"SomeObject": null,
"ThisFlag": true
}
)
)