Send Amazon CloudWatch Logs to SolarWinds Loggly Using an AWS Lambda Function

SolarWinds Loggly is a log aggregation & analysis platform. You can send logs to Loggly from many sources. This article describes the steps to send CloudWatch logs to Loggly.

Start by creating an IAM role named “CloudWatchFullAccessRole” as shown below:

Next, create a CMK in KMS named “logglyCustomerToken” as shown below:

Next, create a Lambda function as shown below:

In the “CloudWatch Logs Trigger” section, select the log group whose logs you want to send to Loggly & provide any name for this filter.

In the “Environment Variables” section, set logglyHostName to logs-01.loggly.com & kmsEncryptedCustomerToken to your Loggly customer token. The token looks like this: 473e7116-b00f-43c7-9c89-030e8b4ddc4d & can be found here: https://your-company.loggly.com/tokens. Then expand the “Encryption Configuration” section & select “Enable helpers for encryption in transit”. Click the Encrypt button that appears next to kmsEncryptedCustomerToken, select the “logglyCustomerToken” CMK, encrypt & create function.

Test the Lambda using a test event created from the CloudWatch Logs event template: