Skip to content

Put Transformer

cloudwatchlogs_put_transformer R Documentation

Creates or updates a log transformer for a single log group

Description

Creates or updates a log transformer for a single log group. You use log transformers to transform log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contains relevant, source-specific information.

After you have created a transformer, CloudWatch Logs performs the transformations at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filers.

You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.

A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. The processors work one after another, in the order that you list them, like a pipeline. For more information about the available processors to use in a transformer, see Processors that you can use.

Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major Amazon Web Services log sources such as VPC flow logs, Lambda, and Amazon RDS. You can use pre-built transformation templates or create custom transformation policies.

You can create transformers only for the log groups in the Standard log class.

You can also set up a transformer at the account level. For more information, see put_account_policy. If there is both a log-group level transformer created with put_transformer and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.

Usage

cloudwatchlogs_put_transformer(logGroupIdentifier, transformerConfig)

Arguments

logGroupIdentifier

[required] Specify either the name or ARN of the log group to create the transformer for.

transformerConfig

[required] This structure contains the configuration of this log transformer. A log transformer is an array of processors, where each processor applies one type of transformation to the log events that are ingested.

Value

An empty list.

Request syntax

svc$put_transformer(
  logGroupIdentifier = "string",
  transformerConfig = list(
    list(
      addKeys = list(
        entries = list(
          list(
            key = "string",
            value = "string",
            overwriteIfExists = TRUE|FALSE
          )
        )
      ),
      copyValue = list(
        entries = list(
          list(
            source = "string",
            target = "string",
            overwriteIfExists = TRUE|FALSE
          )
        )
      ),
      csv = list(
        quoteCharacter = "string",
        delimiter = "string",
        columns = list(
          "string"
        ),
        source = "string"
      ),
      dateTimeConverter = list(
        source = "string",
        target = "string",
        targetFormat = "string",
        matchPatterns = list(
          "string"
        ),
        sourceTimezone = "string",
        targetTimezone = "string",
        locale = "string"
      ),
      deleteKeys = list(
        withKeys = list(
          "string"
        )
      ),
      grok = list(
        source = "string",
        match = "string"
      ),
      listToMap = list(
        source = "string",
        key = "string",
        valueKey = "string",
        target = "string",
        flatten = TRUE|FALSE,
        flattenedElement = "first"|"last"
      ),
      lowerCaseString = list(
        withKeys = list(
          "string"
        )
      ),
      moveKeys = list(
        entries = list(
          list(
            source = "string",
            target = "string",
            overwriteIfExists = TRUE|FALSE
          )
        )
      ),
      parseCloudfront = list(
        source = "string"
      ),
      parseJSON = list(
        source = "string",
        destination = "string"
      ),
      parseKeyValue = list(
        source = "string",
        destination = "string",
        fieldDelimiter = "string",
        keyValueDelimiter = "string",
        keyPrefix = "string",
        nonMatchValue = "string",
        overwriteIfExists = TRUE|FALSE
      ),
      parseRoute53 = list(
        source = "string"
      ),
      parsePostgres = list(
        source = "string"
      ),
      parseVPC = list(
        source = "string"
      ),
      parseWAF = list(
        source = "string"
      ),
      renameKeys = list(
        entries = list(
          list(
            key = "string",
            renameTo = "string",
            overwriteIfExists = TRUE|FALSE
          )
        )
      ),
      splitString = list(
        entries = list(
          list(
            source = "string",
            delimiter = "string"
          )
        )
      ),
      substituteString = list(
        entries = list(
          list(
            source = "string",
            from = "string",
            to = "string"
          )
        )
      ),
      trimString = list(
        withKeys = list(
          "string"
        )
      ),
      typeConverter = list(
        entries = list(
          list(
            key = "string",
            type = "boolean"|"integer"|"double"|"string"
          )
        )
      ),
      upperCaseString = list(
        withKeys = list(
          "string"
        )
      )
    )
  )
)