aws-sdk-cloudwatchlogs 1.102.0 → 1.103.0

@@ -1109,9 +1109,10 @@ module Aws::CloudWatchLogs
1109
1109
  req.send_request(options)
1110
1110
  end
1111
1111
 
1112
- # Deletes a CloudWatch Logs account policy. This stops the policy from
1113
- # applying to all log groups or a subset of log groups in the account.
1114
- # Log-group level policies will still be in effect.
1112
+ # Deletes a CloudWatch Logs account policy. This stops the account-wide
1113
+ # policy from applying to log groups in the account. If you delete a
1114
+ # data protection policy or subscription filter policy, any log-group
1115
+ # level policies of those types remain in effect.
1115
1116
  #
1116
1117
  # To use this operation, you must be signed on with the correct
1117
1118
  # permissions depending on the type of policy that you are deleting.
@@ -1124,6 +1125,16 @@ module Aws::CloudWatchLogs
1124
1125
  # `logs:DeleteSubscriptionFilter` and `logs:DeleteAccountPolicy`
1125
1126
  # permissions.
1126
1127
  #
1128
+ # * To delete a transformer policy, you must have the
1129
+ # `logs:DeleteTransformer` and `logs:DeleteAccountPolicy` permissions.
1130
+ #
1131
+ # * To delete a field index policy, you must have the
1132
+ # `logs:DeleteIndexPolicy` and `logs:DeleteAccountPolicy` permissions.
1133
+ #
1134
+ # If you delete a field index policy, the indexing of the log events
1135
+ # that happened before you deleted the policy will still be used for up
1136
+ # to 30 days to improve CloudWatch Logs Insights queries.
1137
+ #
1127
1138
  # @option params [required, String] :policy_name
1128
1139
  # The name of the policy to delete.
1129
1140
  #
@@ -1136,7 +1147,7 @@ module Aws::CloudWatchLogs
1136
1147
  #
1137
1148
  # resp = client.delete_account_policy({
1138
1149
  # policy_name: "PolicyName", # required
1139
- # policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY, SUBSCRIPTION_FILTER_POLICY
1150
+ # policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY, SUBSCRIPTION_FILTER_POLICY, FIELD_INDEX_POLICY, TRANSFORMER_POLICY
1140
1151
  # })
1141
1152
  #
1142
1153
  # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteAccountPolicy AWS API Documentation
@@ -1331,6 +1342,44 @@ module Aws::CloudWatchLogs
1331
1342
  req.send_request(options)
1332
1343
  end
1333
1344
 
1345
+ # Deletes a log-group level field index policy that was applied to a
1346
+ # single log group. The indexing of the log events that happened before
1347
+ # you delete the policy will still be used for as many as 30 days to
1348
+ # improve CloudWatch Logs Insights queries.
1349
+ #
1350
+ # You can't use this operation to delete an account-level index policy.
1351
+ # Instead, use [DeletAccountPolicy][1].
1352
+ #
1353
+ # If you delete a log-group level field index policy and there is an
1354
+ # account-level field index policy, in a few minutes the log group
1355
+ # begins using that account-wide policy to index new incoming log
1356
+ # events.
1357
+ #
1358
+ #
1359
+ #
1360
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteAccountPolicy.html
1361
+ #
1362
+ # @option params [required, String] :log_group_identifier
1363
+ # The log group to delete the index policy for. You can specify either
1364
+ # the name or the ARN of the log group.
1365
+ #
1366
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1367
+ #
1368
+ # @example Request syntax with placeholder values
1369
+ #
1370
+ # resp = client.delete_index_policy({
1371
+ # log_group_identifier: "LogGroupIdentifier", # required
1372
+ # })
1373
+ #
1374
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteIndexPolicy AWS API Documentation
1375
+ #
1376
+ # @overload delete_index_policy(params = {})
1377
+ # @param [Hash] params ({})
1378
+ def delete_index_policy(params = {}, options = {})
1379
+ req = build_request(:delete_index_policy, params)
1380
+ req.send_request(options)
1381
+ end
1382
+
1334
1383
  # Deletes the specified CloudWatch Logs anomaly detector.
1335
1384
  #
1336
1385
  # @option params [required, String] :anomaly_detector_arn
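Review bot: The added comment for `delete_index_policy` misspells the operation it links to: `[DeletAccountPolicy][1]` should read `[DeleteAccountPolicy][1]`, so that a reader searching IAM policies or audit logs for the name finds it. The link target already uses the correct `API_DeleteAccountPolicy.html`. Unlike the delete_account_policy comment earlier in this diff, this one names no required permission; if the call is gated by `logs:DeleteIndexPolicy` (the action that comment names), a sentence saying so would help least-privilege reviews.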
@@ -1551,6 +1600,39 @@ module Aws::CloudWatchLogs
1551
1600
  req.send_request(options)
1552
1601
  end
1553
1602
 
1603
+ # Deletes the log transformer for the specified log group. As soon as
1604
+ # you do this, the transformation of incoming log events according to
1605
+ # that transformer stops. If this account has an account-level
1606
+ # transformer that applies to this log group, the log group begins using
1607
+ # that account-level transformer when this log-group level transformer
1608
+ # is deleted.
1609
+ #
1610
+ # After you delete a transformer, be sure to edit any metric filters or
1611
+ # subscription filters that relied on the transformed versions of the
1612
+ # log events.
1613
+ #
1614
+ # @option params [required, String] :log_group_identifier
1615
+ # Specify either the name or ARN of the log group to delete the
1616
+ # transformer for. If the log group is in a source account and you are
1617
+ # using a monitoring account, you must use the log group ARN.
1618
+ #
1619
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1620
+ #
1621
+ # @example Request syntax with placeholder values
1622
+ #
1623
+ # resp = client.delete_transformer({
1624
+ # log_group_identifier: "LogGroupIdentifier", # required
1625
+ # })
1626
+ #
1627
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DeleteTransformer AWS API Documentation
1628
+ #
1629
+ # @overload delete_transformer(params = {})
1630
+ # @param [Hash] params ({})
1631
+ def delete_transformer(params = {}, options = {})
1632
+ req = build_request(:delete_transformer, params)
1633
+ req.send_request(options)
1634
+ end
1635
+
1554
1636
  # Returns a list of all CloudWatch Logs account policies in the account.
1555
1637
  #
1556
1638
  # @option params [required, String] :policy_type
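Review bot: The `delete_transformer` comment says transformation stops as soon as the call is made, but it does not say what happens to metric filters and subscription filters that read transformed fields until someone edits them. Filters marked `apply_on_transformed_logs` (added to the describe responses later in this diff) presumably stop matching as intended, which for alarm or forwarding pipelines is a silent detection gap rather than an error. I would add a line such as `# Filters that read transformed fields may stop matching until they are edited; review them before deleting.` The required permission is also not stated here, while the delete_account_policy comment names `logs:DeleteTransformer`.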
@@ -1571,16 +1653,22 @@ module Aws::CloudWatchLogs
1571
1653
  # If you omit this parameter, only the policy in the current account is
1572
1654
  # returned.
1573
1655
  #
1656
+ # @option params [String] :next_token
1657
+ # The token for the next set of items to return. (You received this
1658
+ # token from a previous call.)
1659
+ #
1574
1660
  # @return [Types::DescribeAccountPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1575
1661
  #
1576
1662
  # * {Types::DescribeAccountPoliciesResponse#account_policies #account_policies} => Array<Types::AccountPolicy>
1663
+ # * {Types::DescribeAccountPoliciesResponse#next_token #next_token} => String
1577
1664
  #
1578
1665
  # @example Request syntax with placeholder values
1579
1666
  #
1580
1667
  # resp = client.describe_account_policies({
1581
- # policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY, SUBSCRIPTION_FILTER_POLICY
1668
+ # policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY, SUBSCRIPTION_FILTER_POLICY, FIELD_INDEX_POLICY, TRANSFORMER_POLICY
1582
1669
  # policy_name: "PolicyName",
1583
1670
  # account_identifiers: ["AccountId"],
1671
+ # next_token: "NextToken",
1584
1672
  # })
1585
1673
  #
1586
1674
  # @example Response structure
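Review bot: `:next_token` is added to the request and response of `describe_account_policies`, but the @return text has no "pageable response and is Enumerable" sentence like the one on `list_log_groups_for_query`, so presumably callers must loop on the token themselves. An audit that lists data protection policies and reads only the first response would see a partial set without any error. The same applies to `describe_field_indexes` and `describe_index_policies` in the later hunk. I would add under the option a line such as `# Repeat the call with the returned token until next_token is nil to get the full list.` The method body lies outside this hunk.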
@@ -1589,10 +1677,11 @@ module Aws::CloudWatchLogs
1589
1677
  # resp.account_policies[0].policy_name #=> String
1590
1678
  # resp.account_policies[0].policy_document #=> String
1591
1679
  # resp.account_policies[0].last_updated_time #=> Integer
1592
- # resp.account_policies[0].policy_type #=> String, one of "DATA_PROTECTION_POLICY", "SUBSCRIPTION_FILTER_POLICY"
1680
+ # resp.account_policies[0].policy_type #=> String, one of "DATA_PROTECTION_POLICY", "SUBSCRIPTION_FILTER_POLICY", "FIELD_INDEX_POLICY", "TRANSFORMER_POLICY"
1593
1681
  # resp.account_policies[0].scope #=> String, one of "ALL"
1594
1682
  # resp.account_policies[0].selection_criteria #=> String
1595
1683
  # resp.account_policies[0].account_id #=> String
1684
+ # resp.next_token #=> String
1596
1685
  #
1597
1686
  # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPolicies AWS API Documentation
1598
1687
  #
@@ -1958,6 +2047,110 @@ module Aws::CloudWatchLogs
1958
2047
  req.send_request(options)
1959
2048
  end
1960
2049
 
2050
+ # Returns a list of field indexes listed in the field index policies of
2051
+ # one or more log groups. For more information about field index
2052
+ # policies, see [PutIndexPolicy][1].
2053
+ #
2054
+ #
2055
+ #
2056
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
2057
+ #
2058
+ # @option params [required, Array<String>] :log_group_identifiers
2059
+ # An array containing the names or ARNs of the log groups that you want
2060
+ # to retrieve field indexes for.
2061
+ #
2062
+ # @option params [String] :next_token
2063
+ # The token for the next set of items to return. The token expires after
2064
+ # 24 hours.
2065
+ #
2066
+ # @return [Types::DescribeFieldIndexesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2067
+ #
2068
+ # * {Types::DescribeFieldIndexesResponse#field_indexes #field_indexes} => Array&lt;Types::FieldIndex&gt;
2069
+ # * {Types::DescribeFieldIndexesResponse#next_token #next_token} => String
2070
+ #
2071
+ # @example Request syntax with placeholder values
2072
+ #
2073
+ # resp = client.describe_field_indexes({
2074
+ # log_group_identifiers: ["LogGroupIdentifier"], # required
2075
+ # next_token: "NextToken",
2076
+ # })
2077
+ #
2078
+ # @example Response structure
2079
+ #
2080
+ # resp.field_indexes #=> Array
2081
+ # resp.field_indexes[0].log_group_identifier #=> String
2082
+ # resp.field_indexes[0].field_index_name #=> String
2083
+ # resp.field_indexes[0].last_scan_time #=> Integer
2084
+ # resp.field_indexes[0].first_event_time #=> Integer
2085
+ # resp.field_indexes[0].last_event_time #=> Integer
2086
+ # resp.next_token #=> String
2087
+ #
2088
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeFieldIndexes AWS API Documentation
2089
+ #
2090
+ # @overload describe_field_indexes(params = {})
2091
+ # @param [Hash] params ({})
2092
+ def describe_field_indexes(params = {}, options = {})
2093
+ req = build_request(:describe_field_indexes, params)
2094
+ req.send_request(options)
2095
+ end
2096
+
2097
+ # Returns the field index policies of one or more log groups. For more
2098
+ # information about field index policies, see [PutIndexPolicy][1].
2099
+ #
2100
+ # If a specified log group has a log-group level index policy, that
2101
+ # policy is returned by this operation.
2102
+ #
2103
+ # If a specified log group doesn't have a log-group level index policy,
2104
+ # but an account-wide index policy applies to it, that account-wide
2105
+ # policy is returned by this operation.
2106
+ #
2107
+ # To find information about only account-level policies, use
2108
+ # [DescribeAccountPolicies][2] instead.
2109
+ #
2110
+ #
2111
+ #
2112
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
2113
+ # [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html
2114
+ #
2115
+ # @option params [required, Array<String>] :log_group_identifiers
2116
+ # An array containing the name or ARN of the log group that you want to
2117
+ # retrieve field index policies for.
2118
+ #
2119
+ # @option params [String] :next_token
2120
+ # The token for the next set of items to return. The token expires after
2121
+ # 24 hours.
2122
+ #
2123
+ # @return [Types::DescribeIndexPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2124
+ #
2125
+ # * {Types::DescribeIndexPoliciesResponse#index_policies #index_policies} => Array&lt;Types::IndexPolicy&gt;
2126
+ # * {Types::DescribeIndexPoliciesResponse#next_token #next_token} => String
2127
+ #
2128
+ # @example Request syntax with placeholder values
2129
+ #
2130
+ # resp = client.describe_index_policies({
2131
+ # log_group_identifiers: ["LogGroupIdentifier"], # required
2132
+ # next_token: "NextToken",
2133
+ # })
2134
+ #
2135
+ # @example Response structure
2136
+ #
2137
+ # resp.index_policies #=> Array
2138
+ # resp.index_policies[0].log_group_identifier #=> String
2139
+ # resp.index_policies[0].last_update_time #=> Integer
2140
+ # resp.index_policies[0].policy_document #=> String
2141
+ # resp.index_policies[0].policy_name #=> String
2142
+ # resp.index_policies[0].source #=> String, one of "ACCOUNT", "LOG_GROUP"
2143
+ # resp.next_token #=> String
2144
+ #
2145
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeIndexPolicies AWS API Documentation
2146
+ #
2147
+ # @overload describe_index_policies(params = {})
2148
+ # @param [Hash] params ({})
2149
+ def describe_index_policies(params = {}, options = {})
2150
+ req = build_request(:describe_index_policies, params)
2151
+ req.send_request(options)
2152
+ end
2153
+
1961
2154
  # Lists the specified log groups. You can list all your log groups or
1962
2155
  # filter the results by prefix. The results are ASCII-sorted by log
1963
2156
  # group name.
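Review bot: The `:log_group_identifiers` option of `describe_index_policies` is described as "the name or ARN of the log group" in the singular, although the type is `Array<String>` and the summary says "one or more log groups"; `describe_field_indexes` uses the plural for the same parameter. If the service accepts only one identifier per call, the comment should state that limit; otherwise use the plural wording, e.g. `# An array containing the names or ARNs of the log groups that you want to`. Neither method states the permission it requires, which the delete_account_policy comment in this diff does for its operations.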
@@ -2260,6 +2453,7 @@ module Aws::CloudWatchLogs
2260
2453
  # resp.metric_filters[0].metric_transformations[0].unit #=> String, one of "Seconds", "Microseconds", "Milliseconds", "Bytes", "Kilobytes", "Megabytes", "Gigabytes", "Terabytes", "Bits", "Kilobits", "Megabits", "Gigabits", "Terabits", "Percent", "Count", "Bytes/Second", "Kilobytes/Second", "Megabytes/Second", "Gigabytes/Second", "Terabytes/Second", "Bits/Second", "Kilobits/Second", "Megabits/Second", "Gigabits/Second", "Terabits/Second", "Count/Second", "None"
2261
2454
  # resp.metric_filters[0].creation_time #=> Integer
2262
2455
  # resp.metric_filters[0].log_group_name #=> String
2456
+ # resp.metric_filters[0].apply_on_transformed_logs #=> Boolean
2263
2457
  # resp.next_token #=> String
2264
2458
  #
2265
2459
  # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeMetricFilters AWS API Documentation
@@ -2461,6 +2655,7 @@ module Aws::CloudWatchLogs
2461
2655
  # resp.subscription_filters[0].destination_arn #=> String
2462
2656
  # resp.subscription_filters[0].role_arn #=> String
2463
2657
  # resp.subscription_filters[0].distribution #=> String, one of "Random", "ByLogStream"
2658
+ # resp.subscription_filters[0].apply_on_transformed_logs #=> Boolean
2464
2659
  # resp.subscription_filters[0].creation_time #=> Integer
2465
2660
  # resp.next_token #=> String
2466
2661
  #
@@ -3255,7 +3450,10 @@ module Aws::CloudWatchLogs
3255
3450
  # resp.results[0][0].value #=> String
3256
3451
  # resp.statistics.records_matched #=> Float
3257
3452
  # resp.statistics.records_scanned #=> Float
3453
+ # resp.statistics.estimated_records_skipped #=> Float
3258
3454
  # resp.statistics.bytes_scanned #=> Float
3455
+ # resp.statistics.estimated_bytes_skipped #=> Float
3456
+ # resp.statistics.log_groups_scanned #=> Float
3259
3457
  # resp.status #=> String, one of "Scheduled", "Running", "Complete", "Failed", "Cancelled", "Timeout", "Unknown"
3260
3458
  # resp.encryption_key #=> String
3261
3459
  #
@@ -3268,6 +3466,120 @@ module Aws::CloudWatchLogs
3268
3466
  req.send_request(options)
3269
3467
  end
3270
3468
 
3469
+ # Returns the information about the log transformer associated with this
3470
+ # log group.
3471
+ #
3472
+ # This operation returns data only for transformers created at the log
3473
+ # group level. To get information for an account-level transformer, use
3474
+ # [DescribeAccountPolicies][1].
3475
+ #
3476
+ #
3477
+ #
3478
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DescribeAccountPolicies.html
3479
+ #
3480
+ # @option params [required, String] :log_group_identifier
3481
+ # Specify either the name or ARN of the log group to return transformer
3482
+ # information for. If the log group is in a source account and you are
3483
+ # using a monitoring account, you must use the log group ARN.
3484
+ #
3485
+ # @return [Types::GetTransformerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3486
+ #
3487
+ # * {Types::GetTransformerResponse#log_group_identifier #log_group_identifier} => String
3488
+ # * {Types::GetTransformerResponse#creation_time #creation_time} => Integer
3489
+ # * {Types::GetTransformerResponse#last_modified_time #last_modified_time} => Integer
3490
+ # * {Types::GetTransformerResponse#transformer_config #transformer_config} => Array&lt;Types::Processor&gt;
3491
+ #
3492
+ # @example Request syntax with placeholder values
3493
+ #
3494
+ # resp = client.get_transformer({
3495
+ # log_group_identifier: "LogGroupIdentifier", # required
3496
+ # })
3497
+ #
3498
+ # @example Response structure
3499
+ #
3500
+ # resp.log_group_identifier #=> String
3501
+ # resp.creation_time #=> Integer
3502
+ # resp.last_modified_time #=> Integer
3503
+ # resp.transformer_config #=> Array
3504
+ # resp.transformer_config[0].add_keys.entries #=> Array
3505
+ # resp.transformer_config[0].add_keys.entries[0].key #=> String
3506
+ # resp.transformer_config[0].add_keys.entries[0].value #=> String
3507
+ # resp.transformer_config[0].add_keys.entries[0].overwrite_if_exists #=> Boolean
3508
+ # resp.transformer_config[0].copy_value.entries #=> Array
3509
+ # resp.transformer_config[0].copy_value.entries[0].source #=> String
3510
+ # resp.transformer_config[0].copy_value.entries[0].target #=> String
3511
+ # resp.transformer_config[0].copy_value.entries[0].overwrite_if_exists #=> Boolean
3512
+ # resp.transformer_config[0].csv.quote_character #=> String
3513
+ # resp.transformer_config[0].csv.delimiter #=> String
3514
+ # resp.transformer_config[0].csv.columns #=> Array
3515
+ # resp.transformer_config[0].csv.columns[0] #=> String
3516
+ # resp.transformer_config[0].csv.source #=> String
3517
+ # resp.transformer_config[0].date_time_converter.source #=> String
3518
+ # resp.transformer_config[0].date_time_converter.target #=> String
3519
+ # resp.transformer_config[0].date_time_converter.target_format #=> String
3520
+ # resp.transformer_config[0].date_time_converter.match_patterns #=> Array
3521
+ # resp.transformer_config[0].date_time_converter.match_patterns[0] #=> String
3522
+ # resp.transformer_config[0].date_time_converter.source_timezone #=> String
3523
+ # resp.transformer_config[0].date_time_converter.target_timezone #=> String
3524
+ # resp.transformer_config[0].date_time_converter.locale #=> String
3525
+ # resp.transformer_config[0].delete_keys.with_keys #=> Array
3526
+ # resp.transformer_config[0].delete_keys.with_keys[0] #=> String
3527
+ # resp.transformer_config[0].grok.source #=> String
3528
+ # resp.transformer_config[0].grok.match #=> String
3529
+ # resp.transformer_config[0].list_to_map.source #=> String
3530
+ # resp.transformer_config[0].list_to_map.key #=> String
3531
+ # resp.transformer_config[0].list_to_map.value_key #=> String
3532
+ # resp.transformer_config[0].list_to_map.target #=> String
3533
+ # resp.transformer_config[0].list_to_map.flatten #=> Boolean
3534
+ # resp.transformer_config[0].list_to_map.flattened_element #=> String, one of "first", "last"
3535
+ # resp.transformer_config[0].lower_case_string.with_keys #=> Array
3536
+ # resp.transformer_config[0].lower_case_string.with_keys[0] #=> String
3537
+ # resp.transformer_config[0].move_keys.entries #=> Array
3538
+ # resp.transformer_config[0].move_keys.entries[0].source #=> String
3539
+ # resp.transformer_config[0].move_keys.entries[0].target #=> String
3540
+ # resp.transformer_config[0].move_keys.entries[0].overwrite_if_exists #=> Boolean
3541
+ # resp.transformer_config[0].parse_cloudfront.source #=> String
3542
+ # resp.transformer_config[0].parse_json.source #=> String
3543
+ # resp.transformer_config[0].parse_json.destination #=> String
3544
+ # resp.transformer_config[0].parse_key_value.source #=> String
3545
+ # resp.transformer_config[0].parse_key_value.destination #=> String
3546
+ # resp.transformer_config[0].parse_key_value.field_delimiter #=> String
3547
+ # resp.transformer_config[0].parse_key_value.key_value_delimiter #=> String
3548
+ # resp.transformer_config[0].parse_key_value.key_prefix #=> String
3549
+ # resp.transformer_config[0].parse_key_value.non_match_value #=> String
3550
+ # resp.transformer_config[0].parse_key_value.overwrite_if_exists #=> Boolean
3551
+ # resp.transformer_config[0].parse_route_53.source #=> String
3552
+ # resp.transformer_config[0].parse_postgres.source #=> String
3553
+ # resp.transformer_config[0].parse_vpc.source #=> String
3554
+ # resp.transformer_config[0].parse_waf.source #=> String
3555
+ # resp.transformer_config[0].rename_keys.entries #=> Array
3556
+ # resp.transformer_config[0].rename_keys.entries[0].key #=> String
3557
+ # resp.transformer_config[0].rename_keys.entries[0].rename_to #=> String
3558
+ # resp.transformer_config[0].rename_keys.entries[0].overwrite_if_exists #=> Boolean
3559
+ # resp.transformer_config[0].split_string.entries #=> Array
3560
+ # resp.transformer_config[0].split_string.entries[0].source #=> String
3561
+ # resp.transformer_config[0].split_string.entries[0].delimiter #=> String
3562
+ # resp.transformer_config[0].substitute_string.entries #=> Array
3563
+ # resp.transformer_config[0].substitute_string.entries[0].source #=> String
3564
+ # resp.transformer_config[0].substitute_string.entries[0].from #=> String
3565
+ # resp.transformer_config[0].substitute_string.entries[0].to #=> String
3566
+ # resp.transformer_config[0].trim_string.with_keys #=> Array
3567
+ # resp.transformer_config[0].trim_string.with_keys[0] #=> String
3568
+ # resp.transformer_config[0].type_converter.entries #=> Array
3569
+ # resp.transformer_config[0].type_converter.entries[0].key #=> String
3570
+ # resp.transformer_config[0].type_converter.entries[0].type #=> String, one of "boolean", "integer", "double", "string"
3571
+ # resp.transformer_config[0].upper_case_string.with_keys #=> Array
3572
+ # resp.transformer_config[0].upper_case_string.with_keys[0] #=> String
3573
+ #
3574
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetTransformer AWS API Documentation
3575
+ #
3576
+ # @overload get_transformer(params = {})
3577
+ # @param [Hash] params ({})
3578
+ def get_transformer(params = {}, options = {})
3579
+ req = build_request(:get_transformer, params)
3580
+ req.send_request(options)
3581
+ end
3582
+
3271
3583
  # Returns a list of anomalies that log anomaly detectors have found. For
3272
3584
  # details about the structure format of each anomaly object that is
3273
3585
  # returned, see the example in this section.
@@ -3401,6 +3713,63 @@ module Aws::CloudWatchLogs
3401
3713
  req.send_request(options)
3402
3714
  end
3403
3715
 
3716
+ # Returns a list of the log groups that were analyzed during a single
3717
+ # CloudWatch Logs Insights query. This can be useful for queries that
3718
+ # use log group name prefixes or the `filterIndex` command, because the
3719
+ # log groups are dynamically selected in these cases.
3720
+ #
3721
+ # For more information about field indexes, see [Create field indexes to
3722
+ # improve query performance and reduce costs][1].
3723
+ #
3724
+ #
3725
+ #
3726
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
3727
+ #
3728
+ # @option params [required, String] :query_id
3729
+ # The ID of the query to use. This query ID is from the response to your
3730
+ # [StartQuery][1] operation.
3731
+ #
3732
+ #
3733
+ #
3734
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
3735
+ #
3736
+ # @option params [String] :next_token
3737
+ # The token for the next set of items to return. The token expires after
3738
+ # 24 hours.
3739
+ #
3740
+ # @option params [Integer] :max_results
3741
+ # Limits the number of returned log groups to the specified number.
3742
+ #
3743
+ # @return [Types::ListLogGroupsForQueryResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3744
+ #
3745
+ # * {Types::ListLogGroupsForQueryResponse#log_group_identifiers #log_group_identifiers} => Array&lt;String&gt;
3746
+ # * {Types::ListLogGroupsForQueryResponse#next_token #next_token} => String
3747
+ #
3748
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
3749
+ #
3750
+ # @example Request syntax with placeholder values
3751
+ #
3752
+ # resp = client.list_log_groups_for_query({
3753
+ # query_id: "QueryId", # required
3754
+ # next_token: "NextToken",
3755
+ # max_results: 1,
3756
+ # })
3757
+ #
3758
+ # @example Response structure
3759
+ #
3760
+ # resp.log_group_identifiers #=> Array
3761
+ # resp.log_group_identifiers[0] #=> String
3762
+ # resp.next_token #=> String
3763
+ #
3764
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/ListLogGroupsForQuery AWS API Documentation
3765
+ #
3766
+ # @overload list_log_groups_for_query(params = {})
3767
+ # @param [Hash] params ({})
3768
+ def list_log_groups_for_query(params = {}, options = {})
3769
+ req = build_request(:list_log_groups_for_query, params)
3770
+ req.send_request(options)
3771
+ end
3772
+
3404
3773
  # Displays the tags associated with a CloudWatch Logs resource.
3405
3774
  # Currently, log groups and destinations support tagging.
3406
3775
  #
@@ -3480,9 +3849,9 @@ module Aws::CloudWatchLogs
3480
3849
  req.send_request(options)
3481
3850
  end
3482
3851
 
3483
- # Creates an account-level data protection policy or subscription filter
3484
- # policy that applies to all log groups or a subset of log groups in the
3485
- # account.
3852
+ # Creates an account-level data protection policy, subscription filter
3853
+ # policy, or field index policy that applies to all log groups or a
3854
+ # subset of log groups in the account.
3486
3855
  #
3487
3856
  # **Data protection policy**
3488
3857
  #
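Review bot: The rewritten summary lists data protection, subscription filter and field index policies but leaves out transformer policies, although the next hunk adds a **Transformer policy** section to this same comment and the `policy_type` enum elsewhere in the diff accepts `TRANSFORMER_POLICY`. I would reword the opening line to `# Creates an account-level data protection policy, subscription filter policy, field index policy, or transformer policy`, with the "that applies to …" clause unchanged. The rest of the comment and the method continue outside this hunk.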
@@ -3555,6 +3924,102 @@ module Aws::CloudWatchLogs
3555
3924
  # subscription filter operation for any destination except a Lambda
3556
3925
  # function, you must also have the `iam:PassRole` permission.
3557
3926
  #
3927
+ # **Transformer policy**
3928
+ #
3929
+ # Creates or updates a *log transformer policy* for your account. You
3930
+ # use log transformers to transform log events into a different format,
3931
+ # making them easier for you to process and analyze. You can also
3932
+ # transform logs from different sources into standardized formats that
3933
+ # contain relevant, source-specific information. After you have created
3934
+ # a transformer, CloudWatch Logs performs this transformation at the
3935
+ # time of log ingestion. You can then refer to the transformed versions
3936
+ # of the logs during operations such as querying with CloudWatch Logs
3937
+ # Insights or creating metric filters or subscription filters.
3938
+ #
3939
+ # You can also use a transformer to copy metadata from metadata keys
3940
+ # into the log events themselves. This metadata can include log group
3941
+ # name, log stream name, account ID and Region.
3942
+ #
3943
+ # A transformer for a log group is a series of processors, where each
3944
+ # processor applies one type of transformation to the log events
3945
+ # ingested into this log group. For more information about the available
3946
+ # processors to use in a transformer, see [ Processors that you can
3947
+ # use][6].
3948
+ #
3949
+ # Having log events in standardized format enables visibility across
3950
+ # your applications for your log analysis, reporting, and alarming
3951
+ # needs. CloudWatch Logs provides transformation for common log types
3952
+ # with out-of-the-box transformation templates for major Amazon Web
3953
+ # Services log sources such as VPC flow logs, Lambda, and Amazon RDS.
3954
+ # You can use pre-built transformation templates or create custom
3955
+ # transformation policies.
3956
+ #
3957
+ # You can create transformers only for the log groups in the Standard
3958
+ # log class.
3959
+ #
3960
+ # You can have one account-level transformer policy that applies to all
3961
+ # log groups in the account. Or you can create as many as 20
3962
+ # account-level transformer policies that are each scoped to a subset of
3963
+ # log groups with the `selectionCriteria` parameter. If you have
3964
+ # multiple account-level transformer policies with selection criteria,
3965
+ # no two of them can use the same or overlapping log group name
3966
+ # prefixes. For example, if you have one policy filtered to log groups
3967
+ # that start with `my-log`, you can't have another field index policy
3968
+ # filtered to `my-logpprod` or `my-logging`.
3969
+ #
3970
+ # You can also set up a transformer at the log-group level. For more
3971
+ # information, see [PutTransformer][7]. If there is both a log-group
3972
+ # level transformer created with `PutTransformer` and an account-level
3973
+ # transformer that could apply to the same log group, the log group uses
3974
+ # only the log-group level transformer. It ignores the account-level
3975
+ # transformer.
3976
+ #
3977
+ # **Field index policy**
3978
+ #
3979
+ # You can use field index policies to create indexes on fields found in
3980
+ # log events in the log group. Creating field indexes can help lower the
3981
+ # scan volume for CloudWatch Logs Insights queries that reference those
3982
+ # fields, because these queries attempt to skip the processing of log
3983
+ # events that are known to not match the indexed field. Good fields to
3984
+ # index are fields that you often need to query for and fields or values
3985
+ # that match only a small fraction of the total log events. Common
3986
+ # examples of indexes include request ID, session ID, user IDs, or
3987
+ # instance IDs. For more information, see [Create field indexes to
3988
+ # improve query performance and reduce costs][8]
3989
+ #
3990
+ # To find the fields that are in your log group events, use the
3991
+ # [GetLogGroupFields][9] operation.
3992
+ #
3993
+ # For example, suppose you have created a field index for `requestId`.
3994
+ # Then, any CloudWatch Logs Insights query on that log group that
3995
+ # includes `requestId = value ` or `requestId in [value, value, ...]`
3996
+ # will attempt to process only the log events where the indexed field
3997
+ # matches the specified value.
3998
+ #
3999
+ # Matches of log events to the names of indexed fields are
4000
+ # case-sensitive. For example, an indexed field of `RequestId` won't
4001
+ # match a log event containing `requestId`.
4002
+ #
4003
+ # You can have one account-level field index policy that applies to all
4004
+ # log groups in the account. Or you can create as many as 20
4005
+ # account-level field index policies that are each scoped to a subset of
4006
+ # log groups with the `selectionCriteria` parameter. If you have
4007
+ # multiple account-level index policies with selection criteria, no two
4008
+ # of them can use the same or overlapping log group name prefixes. For
4009
+ # example, if you have one policy filtered to log groups that start with
4010
+ # `my-log`, you can't have another field index policy filtered to
4011
+ # `my-logpprod` or `my-logging`.
4012
+ #
4013
+ # If you create an account-level field index policy in a monitoring
4014
+ # account in cross-account observability, the policy is applied only to
4015
+ # the monitoring account and not to any source accounts.
4016
+ #
4017
+ # If you want to create a field index policy for a single log group, you
4018
+ # can use [PutIndexPolicy][10] instead of `PutAccountPolicy`. If you do
4019
+ # so, that log group will use only that log-group level policy, and will
4020
+ # ignore the account-level policy that you create with
4021
+ # [PutAccountPolicy][11].
4022
+ #
3558
4023
  #
3559
4024
  #
3560
4025
  # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogEvents.html
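Review bot: In the new **Transformer policy** section the prefix-overlap example says "you can't have another field index policy filtered to `my-logpprod`", which looks copied from the field index section; it should read "another transformer policy", and `my-logpprod` is probably meant to be `my-logprod` in both sections. Because a transformer rewrites events at ingestion and filters can then act on the transformed version, it would help to state which permissions gate creating these two policy types, as the delete_account_policy comment does for deletion. The hunk shows none, though a list may sit in the unchanged part of the comment. The sentence ending in `[8]` is also missing its full stop.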
@@ -3562,6 +4027,12 @@ module Aws::CloudWatchLogs
3562
4027
  # [3]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html
3563
4028
  # [4]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDataProtectionPolicy.html
3564
4029
  # [5]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
4030
+ # [6]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
4031
+ # [7]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
4032
+ # [8]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
4033
+ # [9]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html
4034
+ # [10]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutIndexPolicy.html
4035
+ # [11]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
3565
4036
  #
3566
4037
  # @option params [required, String] :policy_name
3567
4038
  # A name for the policy. This must be unique within the account.
@@ -3643,10 +4114,34 @@ module Aws::CloudWatchLogs
3643
4114
  # property is only applicable when the destination is an Kinesis Data
3644
4115
  # Streams data stream.
3645
4116
  #
4117
+ # **Transformer policy**
4118
+ #
4119
+ # A transformer policy must include one JSON block with the array of
4120
+ # processors and their configurations. For more information about
4121
+ # available processors, see [ Processors that you can use][3].
4122
+ #
4123
+ # **Field index policy**
4124
+ #
4125
+ # A field index filter policy can include the following attribute in a
4126
+ # JSON block:
4127
+ #
4128
+ # * **Fields** The array of field indexes to create.
4129
+ #
4130
+ # ^
4131
+ #
4132
+ # It must contain at least one field index.
4133
+ #
4134
+ # The following is an example of an index policy document that creates
4135
+ # two indexes, `RequestId` and `TransactionId`.
4136
+ #
4137
+ # `"policyDocument": "{ "Fields": [ "RequestId", "TransactionId" ]
4138
+ # }"`
4139
+ #
3646
4140
  #
3647
4141
  #
3648
4142
  # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data-types.html
3649
4143
  # [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDestination.html
4144
+ # [3]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
3650
4145
  #
3651
4146
  # @option params [required, String] :policy_type
3652
4147
  # The type of policy that you're creating or updating.
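Review bot: The example under "Field index policy", `"policyDocument": "{ "Fields": [ "RequestId", "TransactionId" ] }"`, nests unescaped double quotes inside a JSON string, so a reader who copies it gets a value that does not parse. Show the inner quotes escaped, `"policyDocument": "{ \"Fields\": [ \"RequestId\", \"TransactionId\" ] }"`, or print the document on its own without the outer key. The same example is added again in the `:policy_document` text of the `put_index_policy` hunk. The paragraph also says "field index filter policy", while its heading and the rest of the diff say "field index policy".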
@@ -3657,17 +4152,25 @@ module Aws::CloudWatchLogs
3657
4152
  # the account. If you omit this parameter, the default of `ALL` is used.
3658
4153
  #
3659
4154
  # @option params [String] :selection_criteria
3660
- # Use this parameter to apply the subscription filter policy to a subset
3661
- # of log groups in the account. Currently, the only supported filter is
3662
- # `LogGroupName NOT IN []`. The `selectionCriteria` string can be up to
3663
- # 25KB in length. The length is determined by using its UTF-8 bytes.
4155
+ # Use this parameter to apply the new policy to a subset of log groups
4156
+ # in the account.
4157
+ #
4158
+ # Specifing `selectionCriteria` is valid only when you specify
4159
+ # `SUBSCRIPTION_FILTER_POLICY`, `FIELD_INDEX_POLICY` or
4160
+ # `TRANSFORMER_POLICY`for `policyType`.
3664
4161
  #
3665
- # Using the `selectionCriteria` parameter is useful to help prevent
3666
- # infinite loops. For more information, see [Log recursion
3667
- # prevention][1].
4162
+ # If `policyType` is `SUBSCRIPTION_FILTER_POLICY`, the only supported
4163
+ # `selectionCriteria` filter is `LogGroupName NOT IN []`
3668
4164
  #
3669
- # Specifing `selectionCriteria` is valid only when you specify `
3670
- # SUBSCRIPTION_FILTER_POLICY` for `policyType`.
4165
+ # If `policyType` is `FIELD_INDEX_POLICY` or `TRANSFORMER_POLICY`, the
4166
+ # only supported `selectionCriteria` filter is `LogGroupNamePrefix`
4167
+ #
4168
+ # The `selectionCriteria` string can be up to 25KB in length. The length
4169
+ # is determined by using its UTF-8 bytes.
4170
+ #
4171
+ # Using the `selectionCriteria` parameter with
4172
+ # `SUBSCRIPTION_FILTER_POLICY` is useful to help prevent infinite loops.
4173
+ # For more information, see [Log recursion prevention][1].
3671
4174
  #
3672
4175
  #
3673
4176
  #
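Review bot: The new `:selection_criteria` text carries two wording errors: "Specifing" should read "Specifying", and `TRANSFORMER_POLICY` runs into "for" without a space. The two "the only supported `selectionCriteria` filter is ..." sentences also end without a period. For `LogGroupNamePrefix` no example of the expected syntax is given, unlike `LogGroupName NOT IN []`. A one-line example would help, because the account-policy text earlier in this diff says policies with the same or overlapping prefixes cannot coexist.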
@@ -3682,7 +4185,7 @@ module Aws::CloudWatchLogs
3682
4185
  # resp = client.put_account_policy({
3683
4186
  # policy_name: "PolicyName", # required
3684
4187
  # policy_document: "AccountPolicyDocument", # required
3685
- # policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY, SUBSCRIPTION_FILTER_POLICY
4188
+ # policy_type: "DATA_PROTECTION_POLICY", # required, accepts DATA_PROTECTION_POLICY, SUBSCRIPTION_FILTER_POLICY, FIELD_INDEX_POLICY, TRANSFORMER_POLICY
3686
4189
  # scope: "ALL", # accepts ALL
3687
4190
  # selection_criteria: "SelectionCriteria",
3688
4191
  # })
@@ -3692,7 +4195,7 @@ module Aws::CloudWatchLogs
3692
4195
  # resp.account_policy.policy_name #=> String
3693
4196
  # resp.account_policy.policy_document #=> String
3694
4197
  # resp.account_policy.last_updated_time #=> Integer
3695
- # resp.account_policy.policy_type #=> String, one of "DATA_PROTECTION_POLICY", "SUBSCRIPTION_FILTER_POLICY"
4198
+ # resp.account_policy.policy_type #=> String, one of "DATA_PROTECTION_POLICY", "SUBSCRIPTION_FILTER_POLICY", "FIELD_INDEX_POLICY", "TRANSFORMER_POLICY"
3696
4199
  # resp.account_policy.scope #=> String, one of "ALL"
3697
4200
  # resp.account_policy.selection_criteria #=> String
3698
4201
  # resp.account_policy.account_id #=> String
@@ -4230,6 +4733,104 @@ module Aws::CloudWatchLogs
4230
4733
  req.send_request(options)
4231
4734
  end
4232
4735
 
4736
+ # Creates or updates a *field index policy* for the specified log group.
4737
+ # Only log groups in the Standard log class support field index
4738
+ # policies. For more information about log classes, see [Log
4739
+ # classes][1].
4740
+ #
4741
+ # You can use field index policies to create *field indexes* on fields
4742
+ # found in log events in the log group. Creating field indexes speeds up
4743
+ # and lowers the costs for CloudWatch Logs Insights queries that
4744
+ # reference those field indexes, because these queries attempt to skip
4745
+ # the processing of log events that are known to not match the indexed
4746
+ # field. Good fields to index are fields that you often need to query
4747
+ # for and fields or values that match only a small fraction of the total
4748
+ # log events. Common examples of indexes include request ID, session ID,
4749
+ # userID, and instance IDs. For more information, see [Create field
4750
+ # indexes to improve query performance and reduce costs][2].
4751
+ #
4752
+ # To find the fields that are in your log group events, use the
4753
+ # [GetLogGroupFields][3] operation.
4754
+ #
4755
+ # For example, suppose you have created a field index for `requestId`.
4756
+ # Then, any CloudWatch Logs Insights query on that log group that
4757
+ # includes `requestId = value ` or `requestId IN [value, value, ...]`
4758
+ # will process fewer log events to reduce costs, and have improved
4759
+ # performance.
4760
+ #
4761
+ # Each index policy has the following quotas and restrictions:
4762
+ #
4763
+ # * As many as 20 fields can be included in the policy.
4764
+ #
4765
+ # * Each field name can include as many as 100 characters.
4766
+ #
4767
+ # Matches of log events to the names of indexed fields are
4768
+ # case-sensitive. For example, a field index of `RequestId` won't match
4769
+ # a log event containing `requestId`.
4770
+ #
4771
+ # Log group-level field index policies created with `PutIndexPolicy`
4772
+ # override account-level field index policies created with
4773
+ # [PutAccountPolicy][4]. If you use `PutIndexPolicy` to create a field
4774
+ # index policy for a log group, that log group uses only that policy.
4775
+ # The log group ignores any account-wide field index policy that you
4776
+ # might have created.
4777
+ #
4778
+ #
4779
+ #
4780
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch_Logs_Log_Classes.html
4781
+ # [2]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html
4782
+ # [3]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetLogGroupFields.html
4783
+ # [4]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
4784
+ #
4785
+ # @option params [required, String] :log_group_identifier
4786
+ # Specify either the log group name or log group ARN to apply this field
4787
+ # index policy to. If you specify an ARN, use the format
4788
+ # arn:aws:logs:*region*:*account-id*:log-group:*log\_group\_name* Don't
4789
+ # include an * at the end.
4790
+ #
4791
+ # @option params [required, String] :policy_document
4792
+ # The index policy document, in JSON format. The following is an example
4793
+ # of an index policy document that creates two indexes, `RequestId` and
4794
+ # `TransactionId`.
4795
+ #
4796
+ # `"policyDocument": "{ "Fields": [ "RequestId", "TransactionId" ] }"`
4797
+ #
4798
+ # The policy document must include at least one field index. For more
4799
+ # information about the fields that can be included and other
4800
+ # restrictions, see [Field index syntax and quotas][1].
4801
+ #
4802
+ #
4803
+ #
4804
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing-Syntax.html
4805
+ #
4806
+ # @return [Types::PutIndexPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4807
+ #
4808
+ # * {Types::PutIndexPolicyResponse#index_policy #index_policy} => Types::IndexPolicy
4809
+ #
4810
+ # @example Request syntax with placeholder values
4811
+ #
4812
+ # resp = client.put_index_policy({
4813
+ # log_group_identifier: "LogGroupIdentifier", # required
4814
+ # policy_document: "PolicyDocument", # required
4815
+ # })
4816
+ #
4817
+ # @example Response structure
4818
+ #
4819
+ # resp.index_policy.log_group_identifier #=> String
4820
+ # resp.index_policy.last_update_time #=> Integer
4821
+ # resp.index_policy.policy_document #=> String
4822
+ # resp.index_policy.policy_name #=> String
4823
+ # resp.index_policy.source #=> String, one of "ACCOUNT", "LOG_GROUP"
4824
+ #
4825
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutIndexPolicy AWS API Documentation
4826
+ #
4827
+ # @overload put_index_policy(params = {})
4828
+ # @param [Hash] params ({})
4829
+ def put_index_policy(params = {}, options = {})
4830
+ req = build_request(:put_index_policy, params)
4831
+ req.send_request(options)
4832
+ end
4833
+
4233
4834
  # Uploads a batch of log events to the specified log stream.
4234
4835
  #
4235
4836
  # The sequence token is now ignored in `PutLogEvents` actions.
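Review bot: The `put_index_policy` documentation names no IAM permission, while the `delete_account_policy` text in this same diff spells out the permissions per policy type. Add the equivalent sentence here (presumably `logs:PutIndexPolicy`, to be confirmed against the service's action list). It matters because the text states that a log group with its own policy ignores the account-wide one, so this call can override an account-level setting for that group. In `:log_group_identifier` the ARN format runs straight into "Don't include an * at the end."; put the ARN in code formatting and end it with a period. The same ARN sentence is added for `:log_group_identifiers` in the `@@ -5110,7 +5951,9 @@` hunk.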
@@ -4293,7 +4894,7 @@ module Aws::CloudWatchLogs
4293
4894
  # if the sequence token is not valid.
4294
4895
  #
4295
4896
  # @option params [Types::Entity] :entity
4296
- # Reserved for internal use.
4897
+ # The entity associated with the log events.
4297
4898
  #
4298
4899
  # @return [Types::PutLogEventsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
4299
4900
  #
@@ -4349,12 +4950,12 @@ module Aws::CloudWatchLogs
4349
4950
  # group is 100.
4350
4951
  #
4351
4952
  # Using regular expressions to create metric filters is supported. For
4352
- # these filters, there is a quotas of quota of two regular expression
4353
- # patterns within a single filter pattern. There is also a quota of five
4354
- # regular expression patterns per log group. For more information about
4355
- # using regular expressions in metric filters, see [ Filter pattern
4356
- # syntax for metric filters, subscription filters, filter log events,
4357
- # and Live Tail][2].
4953
+ # these filters, there is a quota of two regular expression patterns
4954
+ # within a single filter pattern. There is also a quota of five regular
4955
+ # expression patterns per log group. For more information about using
4956
+ # regular expressions in metric filters, see [ Filter pattern syntax for
4957
+ # metric filters, subscription filters, filter log events, and Live
4958
+ # Tail][2].
4358
4959
  #
4359
4960
  # When you create a metric filter, you can also optionally assign a unit
4360
4961
  # and dimensions to the metric that is created.
@@ -4392,6 +4993,20 @@ module Aws::CloudWatchLogs
4392
4993
  # @option params [required, Array<Types::MetricTransformation>] :metric_transformations
4393
4994
  # A collection of information that defines how metric data gets emitted.
4394
4995
  #
4996
+ # @option params [Boolean] :apply_on_transformed_logs
4997
+ # This parameter is valid only for log groups that have an active log
4998
+ # transformer. For more information about log transformers, see
4999
+ # [PutTransformer][1].
5000
+ #
5001
+ # If the log group uses either a log-group level or account-level
5002
+ # transformer, and you specify `true`, the metric filter will be applied
5003
+ # on the transformed version of the log events instead of the original
5004
+ # ingested log events.
5005
+ #
5006
+ #
5007
+ #
5008
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
5009
+ #
4395
5010
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4396
5011
  #
4397
5012
  # @example Request syntax with placeholder values
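Review bot: The new `:apply_on_transformed_logs` text does not say which version of the events the filter is matched against when the parameter is omitted. It also does not say what happens when `true` is passed for a log group that has no transformer; the text only calls the parameter "valid only" for groups that have one. This matters for metric filters that back alarms: if a transformer renames or deletes keys, an existing filter pattern may stop matching once the flag is enabled. I would state the default explicitly and add `# Enabling this on an existing filter changes the text the filter pattern is matched against; re-test the pattern afterwards.` The same wording is added for `put_subscription_filter` in the `@@ -4740,6 +5356,20 @@` hunk.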
@@ -4412,6 +5027,7 @@ module Aws::CloudWatchLogs
4412
5027
  # unit: "Seconds", # accepts Seconds, Microseconds, Milliseconds, Bytes, Kilobytes, Megabytes, Gigabytes, Terabytes, Bits, Kilobits, Megabits, Gigabits, Terabits, Percent, Count, Bytes/Second, Kilobytes/Second, Megabytes/Second, Gigabytes/Second, Terabytes/Second, Bits/Second, Kilobits/Second, Megabits/Second, Gigabits/Second, Terabits/Second, Count/Second, None
4413
5028
  # },
4414
5029
  # ],
5030
+ # apply_on_transformed_logs: false,
4415
5031
  # })
4416
5032
  #
4417
5033
  # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutMetricFilter AWS API Documentation
@@ -4740,6 +5356,20 @@ module Aws::CloudWatchLogs
4740
5356
  # random for a more even distribution. This property is only applicable
4741
5357
  # when the destination is an Amazon Kinesis data stream.
4742
5358
  #
5359
+ # @option params [Boolean] :apply_on_transformed_logs
5360
+ # This parameter is valid only for log groups that have an active log
5361
+ # transformer. For more information about log transformers, see
5362
+ # [PutTransformer][1].
5363
+ #
5364
+ # If the log group uses either a log-group level or account-level
5365
+ # transformer, and you specify `true`, the subscription filter will be
5366
+ # applied on the transformed version of the log events instead of the
5367
+ # original ingested log events.
5368
+ #
5369
+ #
5370
+ #
5371
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html
5372
+ #
4743
5373
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
4744
5374
  #
4745
5375
  # @example Request syntax with placeholder values
@@ -4751,6 +5381,7 @@ module Aws::CloudWatchLogs
4751
5381
  # destination_arn: "DestinationArn", # required
4752
5382
  # role_arn: "RoleArn",
4753
5383
  # distribution: "Random", # accepts Random, ByLogStream
5384
+ # apply_on_transformed_logs: false,
4754
5385
  # })
4755
5386
  #
4756
5387
  # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutSubscriptionFilter AWS API Documentation
@@ -4762,6 +5393,211 @@ module Aws::CloudWatchLogs
4762
5393
  req.send_request(options)
4763
5394
  end
4764
5395
 
5396
+ # Creates or updates a *log transformer* for a single log group. You use
5397
+ # log transformers to transform log events into a different format,
5398
+ # making them easier for you to process and analyze. You can also
5399
+ # transform logs from different sources into standardized formats that
5400
+ # contains relevant, source-specific information.
5401
+ #
5402
+ # After you have created a transformer, CloudWatch Logs performs the
5403
+ # transformations at the time of log ingestion. You can then refer to
5404
+ # the transformed versions of the logs during operations such as
5405
+ # querying with CloudWatch Logs Insights or creating metric filters or
5406
+ # subscription filers.
5407
+ #
5408
+ # You can also use a transformer to copy metadata from metadata keys
5409
+ # into the log events themselves. This metadata can include log group
5410
+ # name, log stream name, account ID and Region.
5411
+ #
5412
+ # A transformer for a log group is a series of processors, where each
5413
+ # processor applies one type of transformation to the log events
5414
+ # ingested into this log group. The processors work one after another,
5415
+ # in the order that you list them, like a pipeline. For more information
5416
+ # about the available processors to use in a transformer, see [
5417
+ # Processors that you can use][1].
5418
+ #
5419
+ # Having log events in standardized format enables visibility across
5420
+ # your applications for your log analysis, reporting, and alarming
5421
+ # needs. CloudWatch Logs provides transformation for common log types
5422
+ # with out-of-the-box transformation templates for major Amazon Web
5423
+ # Services log sources such as VPC flow logs, Lambda, and Amazon RDS.
5424
+ # You can use pre-built transformation templates or create custom
5425
+ # transformation policies.
5426
+ #
5427
+ # You can create transformers only for the log groups in the Standard
5428
+ # log class.
5429
+ #
5430
+ # You can also set up a transformer at the account level. For more
5431
+ # information, see [PutAccountPolicy][2]. If there is both a log-group
5432
+ # level transformer created with `PutTransformer` and an account-level
5433
+ # transformer that could apply to the same log group, the log group uses
5434
+ # only the log-group level transformer. It ignores the account-level
5435
+ # transformer.
5436
+ #
5437
+ #
5438
+ #
5439
+ # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatch-Logs-Transformation.html#CloudWatch-Logs-Transformation-Processors
5440
+ # [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html
5441
+ #
5442
+ # @option params [required, String] :log_group_identifier
5443
+ # Specify either the name or ARN of the log group to create the
5444
+ # transformer for.
5445
+ #
5446
+ # @option params [required, Array<Types::Processor>] :transformer_config
5447
+ # This structure contains the configuration of this log transformer. A
5448
+ # log transformer is an array of processors, where each processor
5449
+ # applies one type of transformation to the log events that are
5450
+ # ingested.
5451
+ #
5452
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
5453
+ #
5454
+ # @example Request syntax with placeholder values
5455
+ #
5456
+ # resp = client.put_transformer({
5457
+ # log_group_identifier: "LogGroupIdentifier", # required
5458
+ # transformer_config: [ # required
5459
+ # {
5460
+ # add_keys: {
5461
+ # entries: [ # required
5462
+ # {
5463
+ # key: "Key", # required
5464
+ # value: "AddKeyValue", # required
5465
+ # overwrite_if_exists: false,
5466
+ # },
5467
+ # ],
5468
+ # },
5469
+ # copy_value: {
5470
+ # entries: [ # required
5471
+ # {
5472
+ # source: "Source", # required
5473
+ # target: "Target", # required
5474
+ # overwrite_if_exists: false,
5475
+ # },
5476
+ # ],
5477
+ # },
5478
+ # csv: {
5479
+ # quote_character: "QuoteCharacter",
5480
+ # delimiter: "Delimiter",
5481
+ # columns: ["Column"],
5482
+ # source: "Source",
5483
+ # },
5484
+ # date_time_converter: {
5485
+ # source: "Source", # required
5486
+ # target: "Target", # required
5487
+ # target_format: "TargetFormat",
5488
+ # match_patterns: ["MatchPattern"], # required
5489
+ # source_timezone: "SourceTimezone",
5490
+ # target_timezone: "TargetTimezone",
5491
+ # locale: "Locale",
5492
+ # },
5493
+ # delete_keys: {
5494
+ # with_keys: ["WithKey"], # required
5495
+ # },
5496
+ # grok: {
5497
+ # source: "Source",
5498
+ # match: "GrokMatch", # required
5499
+ # },
5500
+ # list_to_map: {
5501
+ # source: "Source", # required
5502
+ # key: "Key", # required
5503
+ # value_key: "ValueKey",
5504
+ # target: "Target",
5505
+ # flatten: false,
5506
+ # flattened_element: "first", # accepts first, last
5507
+ # },
5508
+ # lower_case_string: {
5509
+ # with_keys: ["WithKey"], # required
5510
+ # },
5511
+ # move_keys: {
5512
+ # entries: [ # required
5513
+ # {
5514
+ # source: "Source", # required
5515
+ # target: "Target", # required
5516
+ # overwrite_if_exists: false,
5517
+ # },
5518
+ # ],
5519
+ # },
5520
+ # parse_cloudfront: {
5521
+ # source: "Source",
5522
+ # },
5523
+ # parse_json: {
5524
+ # source: "Source",
5525
+ # destination: "DestinationField",
5526
+ # },
5527
+ # parse_key_value: {
5528
+ # source: "Source",
5529
+ # destination: "DestinationField",
5530
+ # field_delimiter: "ParserFieldDelimiter",
5531
+ # key_value_delimiter: "KeyValueDelimiter",
5532
+ # key_prefix: "KeyPrefix",
5533
+ # non_match_value: "NonMatchValue",
5534
+ # overwrite_if_exists: false,
5535
+ # },
5536
+ # parse_route_53: {
5537
+ # source: "Source",
5538
+ # },
5539
+ # parse_postgres: {
5540
+ # source: "Source",
5541
+ # },
5542
+ # parse_vpc: {
5543
+ # source: "Source",
5544
+ # },
5545
+ # parse_waf: {
5546
+ # source: "Source",
5547
+ # },
5548
+ # rename_keys: {
5549
+ # entries: [ # required
5550
+ # {
5551
+ # key: "Key", # required
5552
+ # rename_to: "RenameTo", # required
5553
+ # overwrite_if_exists: false,
5554
+ # },
5555
+ # ],
5556
+ # },
5557
+ # split_string: {
5558
+ # entries: [ # required
5559
+ # {
5560
+ # source: "Source", # required
5561
+ # delimiter: "Delimiter", # required
5562
+ # },
5563
+ # ],
5564
+ # },
5565
+ # substitute_string: {
5566
+ # entries: [ # required
5567
+ # {
5568
+ # source: "Source", # required
5569
+ # from: "FromKey", # required
5570
+ # to: "ToKey", # required
5571
+ # },
5572
+ # ],
5573
+ # },
5574
+ # trim_string: {
5575
+ # with_keys: ["WithKey"], # required
5576
+ # },
5577
+ # type_converter: {
5578
+ # entries: [ # required
5579
+ # {
5580
+ # key: "Key", # required
5581
+ # type: "boolean", # required, accepts boolean, integer, double, string
5582
+ # },
5583
+ # ],
5584
+ # },
5585
+ # upper_case_string: {
5586
+ # with_keys: ["WithKey"], # required
5587
+ # },
5588
+ # },
5589
+ # ],
5590
+ # })
5591
+ #
5592
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutTransformer AWS API Documentation
5593
+ #
5594
+ # @overload put_transformer(params = {})
5595
+ # @param [Hash] params ({})
5596
+ def put_transformer(params = {}, options = {})
5597
+ req = build_request(:put_transformer, params)
5598
+ req.send_request(options)
5599
+ end
5600
+
4765
5601
  # Starts a Live Tail streaming session for one or more log groups. A
4766
5602
  # Live Tail session returns a stream of log events that have been
4767
5603
  # recently ingested in the log groups. For more information, see [Use
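Review bot: The `put_transformer` documentation does not say which permission the caller needs, nor whether the original event text stays retrievable once a transformer is active. Both matter because the processors in the request syntax (`delete_keys`, `substitute_string`, `rename_keys`) rewrite events at ingestion. The other hunks let metric and subscription filters be evaluated on the transformed events, so one sentence on each would tell operators to restrict and audit who may call this operation. Two wording slips in the opening paragraphs should also be fixed: `# contain relevant, source-specific information.` and `# subscription filters.`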
@@ -5049,9 +5885,9 @@ module Aws::CloudWatchLogs
5049
5885
  req.send_request(options)
5050
5886
  end
5051
5887
 
5052
- # Schedules a query of a log group using CloudWatch Logs Insights. You
5053
- # specify the log group and time range to query and the query string to
5054
- # use.
5888
+ # Starts a query of one or more log groups using CloudWatch Logs
5889
+ # Insights. You specify the log groups and time range to query and the
5890
+ # query string to use.
5055
5891
  #
5056
5892
  # For more information, see [CloudWatch Logs Insights Query Syntax][1].
5057
5893
  #
@@ -5059,8 +5895,22 @@ module Aws::CloudWatchLogs
5059
5895
  # by CloudWatch Logs. You can use [GetQueryResults][2] to retrieve the
5060
5896
  # results of a query, using the `queryId` that `StartQuery` returns.
5061
5897
  #
5898
+ # <note markdown="1"> To specify the log groups to query, a `StartQuery` operation must
5899
+ # include one of the following:
5900
+ #
5901
+ # * Either exactly one of the following parameters: `logGroupName`,
5902
+ # `logGroupNames`, or `logGroupIdentifiers`
5903
+ #
5904
+ # * Or the `queryString` must include a `SOURCE` command to select log
5905
+ # groups for the query. The `SOURCE` command can select log groups
5906
+ # based on log group name prefix, account ID, and log class.
5907
+ #
5908
+ # For more information about the `SOURCE` command, see [SOURCE][3].
5909
+ #
5910
+ # </note>
5911
+ #
5062
5912
  # If you have associated a KMS key with the query results in this
5063
- # account, then [StartQuery][3] uses that key to encrypt the results
5913
+ # account, then [StartQuery][4] uses that key to encrypt the results
5064
5914
  # when it stores them. If no key is associated with query results, the
5065
5915
  # query results are encrypted with the default CloudWatch Logs
5066
5916
  # encryption method.
@@ -5072,7 +5922,7 @@ module Aws::CloudWatchLogs
5072
5922
  # If you are using CloudWatch cross-account observability, you can use
5073
5923
  # this operation in a monitoring account to start a query in a linked
5074
5924
  # source account. For more information, see [CloudWatch cross-account
5075
- # observability][4]. For a cross-account `StartQuery` operation, the
5925
+ # observability][5]. For a cross-account `StartQuery` operation, the
5076
5926
  # query definition must be defined in the monitoring account.
5077
5927
  #
5078
5928
  # You can have up to 30 concurrent CloudWatch Logs insights queries,
@@ -5082,26 +5932,17 @@ module Aws::CloudWatchLogs
5082
5932
  #
5083
5933
  # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html
5084
5934
  # [2]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_GetQueryResults.html
5085
- # [3]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
5086
- # [4]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
5935
+ # [3]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax-Source.html
5936
+ # [4]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartQuery.html
5937
+ # [5]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-Unified-Cross-Account.html
5087
5938
  #
5088
5939
  # @option params [String] :log_group_name
5089
5940
  # The log group on which to perform the query.
5090
5941
  #
5091
- # <note markdown="1"> A `StartQuery` operation must include exactly one of the following
5092
- # parameters: `logGroupName`, `logGroupNames`, or `logGroupIdentifiers`.
5093
- #
5094
- # </note>
5095
- #
5096
5942
  # @option params [Array<String>] :log_group_names
5097
5943
  # The list of log groups to be queried. You can include up to 50 log
5098
5944
  # groups.
5099
5945
  #
5100
- # <note markdown="1"> A `StartQuery` operation must include exactly one of the following
5101
- # parameters: `logGroupName`, `logGroupNames`, or `logGroupIdentifiers`.
5102
- #
5103
- # </note>
5104
- #
5105
5946
  # @option params [Array<String>] :log_group_identifiers
5106
5947
  # The list of log groups to query. You can include up to 50 log groups.
5107
5948
  #
@@ -5110,7 +5951,9 @@ module Aws::CloudWatchLogs
5110
5951
  # account, you must specify the ARN of the log group here. The query
5111
5952
  # definition must also be defined in the monitoring account.
5112
5953
  #
5113
- # If you specify an ARN, the ARN can't end with an asterisk (*).
5954
+ # If you specify an ARN, use the format
5955
+ # arn:aws:logs:*region*:*account-id*:log-group:*log\_group\_name* Don't
5956
+ # include an * at the end.
5114
5957
  #
5115
5958
  # A `StartQuery` operation must include exactly one of the following
5116
5959
  # parameters: `logGroupName`, `logGroupNames`, or `logGroupIdentifiers`.
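Review bot: The context lines kept at the end of this hunk still say a `StartQuery` operation "must include exactly one of" `logGroupName`, `logGroupNames` or `logGroupIdentifiers`. That contradicts the note added in the `@@ -5059,8 +5895,22 @@` hunk, which also allows selecting log groups with a `SOURCE` command in `queryString`. The commit removed this sentence from `:log_group_name` and `:log_group_names` but left it under `:log_group_identifiers`. Drop it here too, or reword it to `# Unless the query string uses a SOURCE command, a StartQuery operation must include exactly one of ...`. The doc comment continues past the end of this hunk, so the surrounding text is not fully visible.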
@@ -5348,6 +6191,179 @@ module Aws::CloudWatchLogs
5348
6191
  req.send_request(options)
5349
6192
  end
5350
6193
 
6194
+ # Use this operation to test a log transformer. You enter the
6195
+ # transformer configuration and a set of log events to test with. The
6196
+ # operation responds with an array that includes the original log events
6197
+ # and the transformed versions.
6198
+ #
6199
+ # @option params [required, Array<Types::Processor>] :transformer_config
6200
+ # This structure contains the configuration of this log transformer that
6201
+ # you want to test. A log transformer is an array of processors, where
6202
+ # each processor applies one type of transformation to the log events
6203
+ # that are ingested.
6204
+ #
6205
+ # @option params [required, Array<String>] :log_event_messages
6206
+ # An array of the raw log events that you want to use to test this
6207
+ # transformer.
6208
+ #
6209
+ # @return [Types::TestTransformerResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
6210
+ #
6211
+ # * {Types::TestTransformerResponse#transformed_logs #transformed_logs} => Array&lt;Types::TransformedLogRecord&gt;
6212
+ #
6213
+ # @example Request syntax with placeholder values
6214
+ #
6215
+ # resp = client.test_transformer({
6216
+ # transformer_config: [ # required
6217
+ # {
6218
+ # add_keys: {
6219
+ # entries: [ # required
6220
+ # {
6221
+ # key: "Key", # required
6222
+ # value: "AddKeyValue", # required
6223
+ # overwrite_if_exists: false,
6224
+ # },
6225
+ # ],
6226
+ # },
6227
+ # copy_value: {
6228
+ # entries: [ # required
6229
+ # {
6230
+ # source: "Source", # required
6231
+ # target: "Target", # required
6232
+ # overwrite_if_exists: false,
6233
+ # },
6234
+ # ],
6235
+ # },
6236
+ # csv: {
6237
+ # quote_character: "QuoteCharacter",
6238
+ # delimiter: "Delimiter",
6239
+ # columns: ["Column"],
6240
+ # source: "Source",
6241
+ # },
6242
+ # date_time_converter: {
6243
+ # source: "Source", # required
6244
+ # target: "Target", # required
6245
+ # target_format: "TargetFormat",
6246
+ # match_patterns: ["MatchPattern"], # required
6247
+ # source_timezone: "SourceTimezone",
6248
+ # target_timezone: "TargetTimezone",
6249
+ # locale: "Locale",
6250
+ # },
6251
+ # delete_keys: {
6252
+ # with_keys: ["WithKey"], # required
6253
+ # },
6254
+ # grok: {
6255
+ # source: "Source",
6256
+ # match: "GrokMatch", # required
6257
+ # },
6258
+ # list_to_map: {
6259
+ # source: "Source", # required
6260
+ # key: "Key", # required
6261
+ # value_key: "ValueKey",
6262
+ # target: "Target",
6263
+ # flatten: false,
6264
+ # flattened_element: "first", # accepts first, last
6265
+ # },
6266
+ # lower_case_string: {
6267
+ # with_keys: ["WithKey"], # required
6268
+ # },
6269
+ # move_keys: {
6270
+ # entries: [ # required
6271
+ # {
6272
+ # source: "Source", # required
6273
+ # target: "Target", # required
6274
+ # overwrite_if_exists: false,
6275
+ # },
6276
+ # ],
6277
+ # },
6278
+ # parse_cloudfront: {
6279
+ # source: "Source",
6280
+ # },
6281
+ # parse_json: {
6282
+ # source: "Source",
6283
+ # destination: "DestinationField",
6284
+ # },
6285
+ # parse_key_value: {
6286
+ # source: "Source",
6287
+ # destination: "DestinationField",
6288
+ # field_delimiter: "ParserFieldDelimiter",
6289
+ # key_value_delimiter: "KeyValueDelimiter",
6290
+ # key_prefix: "KeyPrefix",
6291
+ # non_match_value: "NonMatchValue",
6292
+ # overwrite_if_exists: false,
6293
+ # },
6294
+ # parse_route_53: {
6295
+ # source: "Source",
6296
+ # },
6297
+ # parse_postgres: {
6298
+ # source: "Source",
6299
+ # },
6300
+ # parse_vpc: {
6301
+ # source: "Source",
6302
+ # },
6303
+ # parse_waf: {
6304
+ # source: "Source",
6305
+ # },
6306
+ # rename_keys: {
6307
+ # entries: [ # required
6308
+ # {
6309
+ # key: "Key", # required
6310
+ # rename_to: "RenameTo", # required
6311
+ # overwrite_if_exists: false,
6312
+ # },
6313
+ # ],
6314
+ # },
6315
+ # split_string: {
6316
+ # entries: [ # required
6317
+ # {
6318
+ # source: "Source", # required
6319
+ # delimiter: "Delimiter", # required
6320
+ # },
6321
+ # ],
6322
+ # },
6323
+ # substitute_string: {
6324
+ # entries: [ # required
6325
+ # {
6326
+ # source: "Source", # required
6327
+ # from: "FromKey", # required
6328
+ # to: "ToKey", # required
6329
+ # },
6330
+ # ],
6331
+ # },
6332
+ # trim_string: {
6333
+ # with_keys: ["WithKey"], # required
6334
+ # },
6335
+ # type_converter: {
6336
+ # entries: [ # required
6337
+ # {
6338
+ # key: "Key", # required
6339
+ # type: "boolean", # required, accepts boolean, integer, double, string
6340
+ # },
6341
+ # ],
6342
+ # },
6343
+ # upper_case_string: {
6344
+ # with_keys: ["WithKey"], # required
6345
+ # },
6346
+ # },
6347
+ # ],
6348
+ # log_event_messages: ["EventMessage"], # required
6349
+ # })
6350
+ #
6351
+ # @example Response structure
6352
+ #
6353
+ # resp.transformed_logs #=> Array
6354
+ # resp.transformed_logs[0].event_number #=> Integer
6355
+ # resp.transformed_logs[0].event_message #=> String
6356
+ # resp.transformed_logs[0].transformed_event_message #=> String
6357
+ #
6358
+ # @see http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/TestTransformer AWS API Documentation
6359
+ #
6360
+ # @overload test_transformer(params = {})
6361
+ # @param [Hash] params ({})
6362
+ def test_transformer(params = {}, options = {})
6363
+ req = build_request(:test_transformer, params)
6364
+ req.send_request(options)
6365
+ end
6366
+
5351
6367
  # The UntagLogGroup operation is on the path to deprecation. We
5352
6368
  # recommend that you use [UntagResource][1] instead.
5353
6369
  #
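Review bot: The `test_transformer` text does not state that the call leaves the log group's stored configuration unchanged; a reader has to infer that from the word "test". One sentence saying so would remove the doubt, if that is indeed the behaviour. Since `:log_event_messages` takes raw log events, I would also add a caution such as `# Prefer sample events with secrets and personal data removed; request parameters may be recorded when client-side request logging is enabled.`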
@@ -5626,7 +6642,7 @@ module Aws::CloudWatchLogs
5626
6642
  tracer: tracer
5627
6643
  )
5628
6644
  context[:gem_name] = 'aws-sdk-cloudwatchlogs'
5629
- context[:gem_version] = '1.102.0'
6645
+ context[:gem_version] = '1.103.0'
5630
6646
  Seahorse::Client::Request.new(handlers, context)
5631
6647
  end
5632
6648