Humio is a time-series log management solution for logging, on-premises or in the Cloud. You integrate many cloud log services to Humio. Today, I will give information about humio’s AWS CloudWatch integration.
Humio has a few Lambda functions for CloudWatch integration. Humio offers these functions quickly as a CloudFormation template. You can find them on their GitHub page. If you want to use a Terraform script for this integration, you find it on kloia’s GitHub.
Humio’s CloudWatch integration creates three lambda functions;
- CloudWatchIngester: This Lambda function sends logs to Humio.
- AutoSubscriber: This Lambda function auto-subscribes to CloudWatchIngester
when a new log group is created. - CloudWatchBackfiller:This lambda runs if you set HumioSubscriptionBackfiller to true. This lambda function provides to check existing log groups for the subscription to CloudwatchIngester before Humio integration.
You can use the humio CloudWatch CloudFormation template to integrate AWS CloudWatch log groups.
Now, example time...
In this example, I will show how to send a CloudTrail event to humio. First, you create a CloudWatch logs group or use an existing logs group for CloudTrail events. Then you create a role for CloudTrail that enables it to send events to the CloudWatch logs group.
aws cloudtrail update-trail — name trail_name — cloud-watch-logs-log-group-arn log_group_arn — cloud-watch-logs-role-arn role_arnAfter that, you can send logs successfully to the log group by updating your trail like an above.
Finally, we subscribe to the lambda function(CloudWatchIngester) to log groups and we can now see CloudTail events in Humio.
Sending Events to Humio is Very Easy
You can easily send your events to Humio, as my example shows. Humio makes it easy to manage all your events. You can create alerts and send notifications to your communication channels, such as Slack or email. You can search easily by creating queries and create customized dashboards for your events, which keep you on top of what is happening on your application..