CloudWatchLogs / Client / get_transformer
get_transformer¶
- CloudWatchLogs.Client.get_transformer(**kwargs)¶
Returns the information about the log transformer associated with this log group.
This operation returns data only for transformers created at the log group level. To get information for an account-level transformer, use DescribeAccountPolicies.
See also: AWS API Documentation
Request Syntax
response = client.get_transformer( logGroupIdentifier='string' )
- Parameters:
logGroupIdentifier (string) –
[REQUIRED]
Specify either the name or ARN of the log group to return transformer information for. If the log group is in a source account and you are using a monitoring account, you must use the log group ARN.
- Return type:
dict
- Returns:
Response Syntax
{ 'logGroupIdentifier': 'string', 'creationTime': 123, 'lastModifiedTime': 123, 'transformerConfig': [ { 'addKeys': { 'entries': [ { 'key': 'string', 'value': 'string', 'overwriteIfExists': True|False }, ] }, 'copyValue': { 'entries': [ { 'source': 'string', 'target': 'string', 'overwriteIfExists': True|False }, ] }, 'csv': { 'quoteCharacter': 'string', 'delimiter': 'string', 'columns': [ 'string', ], 'source': 'string' }, 'dateTimeConverter': { 'source': 'string', 'target': 'string', 'targetFormat': 'string', 'matchPatterns': [ 'string', ], 'sourceTimezone': 'string', 'targetTimezone': 'string', 'locale': 'string' }, 'deleteKeys': { 'withKeys': [ 'string', ] }, 'grok': { 'source': 'string', 'match': 'string' }, 'listToMap': { 'source': 'string', 'key': 'string', 'valueKey': 'string', 'target': 'string', 'flatten': True|False, 'flattenedElement': 'first'|'last' }, 'lowerCaseString': { 'withKeys': [ 'string', ] }, 'moveKeys': { 'entries': [ { 'source': 'string', 'target': 'string', 'overwriteIfExists': True|False }, ] }, 'parseCloudfront': { 'source': 'string' }, 'parseJSON': { 'source': 'string', 'destination': 'string' }, 'parseKeyValue': { 'source': 'string', 'destination': 'string', 'fieldDelimiter': 'string', 'keyValueDelimiter': 'string', 'keyPrefix': 'string', 'nonMatchValue': 'string', 'overwriteIfExists': True|False }, 'parseRoute53': { 'source': 'string' }, 'parseToOCSF': { 'source': 'string', 'eventSource': 'CloudTrail'|'Route53Resolver'|'VPCFlow'|'EKSAudit'|'AWSWAF', 'ocsfVersion': 'V1.1' }, 'parsePostgres': { 'source': 'string' }, 'parseVPC': { 'source': 'string' }, 'parseWAF': { 'source': 'string' }, 'renameKeys': { 'entries': [ { 'key': 'string', 'renameTo': 'string', 'overwriteIfExists': True|False }, ] }, 'splitString': { 'entries': [ { 'source': 'string', 'delimiter': 'string' }, ] }, 'substituteString': { 'entries': [ { 'source': 'string', 'from': 'string', 'to': 'string' }, ] }, 'trimString': { 'withKeys': [ 'string', ] }, 'typeConverter': { 'entries': [ { 'key': 'string', 'type': 'boolean'|'integer'|'double'|'string' }, ] }, 'upperCaseString': { 'withKeys': [ 'string', ] } }, ] }
Response Structure
(dict) –
logGroupIdentifier (string) –
The ARN of the log group that you specified in your request.
creationTime (integer) –
The creation time of the transformer, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
lastModifiedTime (integer) –
The date and time when this transformer was most recently modified, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.
transformerConfig (list) –
This sructure contains the configuration of the requested transformer.
(dict) –
This structure contains the information about one processor in a log transformer.
addKeys (dict) –
Use this parameter to include the addKeys processor in your transformer.
entries (list) –
An array of objects, where each object contains the information about one key to add to the log event.
(dict) –
This object defines one key that will be added with the addKeys processor.
key (string) –
The key of the new entry to be added to the log event
value (string) –
The value of the new entry to be added to the log event
overwriteIfExists (boolean) –
Specifies whether to overwrite the value if the key already exists in the log event. If you omit this, the default is
false.
copyValue (dict) –
Use this parameter to include the copyValue processor in your transformer.
entries (list) –
An array of
CopyValueEntryobjects, where each object contains the information about one field value to copy.(dict) –
This object defines one value to be copied with the copyValue processor.
source (string) –
The key to copy.
target (string) –
The key of the field to copy the value to.
overwriteIfExists (boolean) –
Specifies whether to overwrite the value if the destination key already exists. If you omit this, the default is
false.
csv (dict) –
Use this parameter to include the CSV processor in your transformer.
quoteCharacter (string) –
The character used used as a text qualifier for a single column of data. If you omit this, the double quotation mark
"character is used.delimiter (string) –
The character used to separate each column in the original comma-separated value log event. If you omit this, the processor looks for the comma
,character as the delimiter.columns (list) –
An array of names to use for the columns in the transformed log event.
If you omit this, default column names (
[column_1, column_2 ...]) are used.(string) –
source (string) –
The path to the field in the log event that has the comma separated values to be parsed. If you omit this value, the whole log message is processed.
dateTimeConverter (dict) –
Use this parameter to include the datetimeConverter processor in your transformer.
source (string) –
The key to apply the date conversion to.
target (string) –
The JSON field to store the result in.
targetFormat (string) –
The datetime format to use for the converted data in the target field.
If you omit this, the default of
yyyy-MM-dd'T'HH:mm:ss.SSS'Zis used.matchPatterns (list) –
A list of patterns to match against the
sourcefield.(string) –
sourceTimezone (string) –
The time zone of the source field. If you omit this, the default used is the UTC zone.
targetTimezone (string) –
The time zone of the target field. If you omit this, the default used is the UTC zone.
locale (string) –
The locale of the source field. If you omit this, the default of
locale.ROOTis used.
deleteKeys (dict) –
Use this parameter to include the deleteKeys processor in your transformer.
withKeys (list) –
The list of keys to delete.
(string) –
grok (dict) –
Use this parameter to include the grok processor in your transformer.
source (string) –
The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.
match (string) –
The grok pattern to match against the log event. For a list of supported grok patterns, see Supported grok patterns.
listToMap (dict) –
Use this parameter to include the listToMap processor in your transformer.
source (string) –
The key in the log event that has a list of objects that will be converted to a map.
key (string) –
The key of the field to be extracted as keys in the generated map
valueKey (string) –
If this is specified, the values that you specify in this parameter will be extracted from the
sourceobjects and put into the values of the generated map. Otherwise, original objects in the source list will be put into the values of the generated map.target (string) –
The key of the field that will hold the generated map
flatten (boolean) –
A Boolean value to indicate whether the list will be flattened into single items. Specify
trueto flatten the list. The default isfalseflattenedElement (string) –
If you set
flattentotrue, useflattenedElementto specify which element,firstorlast, to keep.You must specify this parameter if
flattenistrue
lowerCaseString (dict) –
Use this parameter to include the lowerCaseString processor in your transformer.
withKeys (list) –
The array caontaining the keys of the fields to convert to lowercase.
(string) –
moveKeys (dict) –
Use this parameter to include the moveKeys processor in your transformer.
entries (list) –
An array of objects, where each object contains the information about one key to move.
(dict) –
This object defines one key that will be moved with the moveKey processor.
source (string) –
The key to move.
target (string) –
The key to move to.
overwriteIfExists (boolean) –
Specifies whether to overwrite the value if the destination key already exists. If you omit this, the default is
false.
parseCloudfront (dict) –
Use this parameter to include the parseCloudfront processor in your transformer.
If you use this processor, it must be the first processor in your transformer.
source (string) –
Omit this parameter and the whole log message will be processed by this processor. No other value than
@messageis allowed forsource.
parseJSON (dict) –
Use this parameter to include the parseJSON processor in your transformer.
source (string) –
Path to the field in the log event that will be parsed. Use dot notation to access child fields. For example,
store.bookdestination (string) –
The location to put the parsed key value pair into. If you omit this parameter, it is placed under the root node.
parseKeyValue (dict) –
Use this parameter to include the parseKeyValue processor in your transformer.
source (string) –
Path to the field in the log event that will be parsed. Use dot notation to access child fields. For example,
store.bookdestination (string) –
The destination field to put the extracted key-value pairs into
fieldDelimiter (string) –
The field delimiter string that is used between key-value pairs in the original log events. If you omit this, the ampersand
&character is used.keyValueDelimiter (string) –
The delimiter string to use between the key and value in each pair in the transformed log event.
If you omit this, the equal
=character is used.keyPrefix (string) –
If you want to add a prefix to all transformed keys, specify it here.
nonMatchValue (string) –
A value to insert into the value field in the result, when a key-value pair is not successfully split.
overwriteIfExists (boolean) –
Specifies whether to overwrite the value if the destination key already exists. If you omit this, the default is
false.
parseRoute53 (dict) –
Use this parameter to include the parseRoute53 processor in your transformer.
If you use this processor, it must be the first processor in your transformer.
source (string) –
Omit this parameter and the whole log message will be processed by this processor. No other value than
@messageis allowed forsource.
parseToOCSF (dict) –
Use this parameter to convert logs into Open Cybersecurity Schema (OCSF) format.
source (string) –
The path to the field in the log event that you want to parse. If you omit this value, the whole log message is parsed.
eventSource (string) –
Specify the service or process that produces the log events that will be converted with this processor.
ocsfVersion (string) –
Specify which version of the OCSF schema to use for the transformed log events.
parsePostgres (dict) –
Use this parameter to include the parsePostGres processor in your transformer.
If you use this processor, it must be the first processor in your transformer.
source (string) –
Omit this parameter and the whole log message will be processed by this processor. No other value than
@messageis allowed forsource.
parseVPC (dict) –
Use this parameter to include the parseVPC processor in your transformer.
If you use this processor, it must be the first processor in your transformer.
source (string) –
Omit this parameter and the whole log message will be processed by this processor. No other value than
@messageis allowed forsource.
parseWAF (dict) –
Use this parameter to include the parseWAF processor in your transformer.
If you use this processor, it must be the first processor in your transformer.
source (string) –
Omit this parameter and the whole log message will be processed by this processor. No other value than
@messageis allowed forsource.
renameKeys (dict) –
Use this parameter to include the renameKeys processor in your transformer.
entries (list) –
An array of
RenameKeyEntryobjects, where each object contains the information about a single key to rename.(dict) –
This object defines one key that will be renamed with the renameKey processor.
key (string) –
The key to rename
renameTo (string) –
The string to use for the new key name
overwriteIfExists (boolean) –
Specifies whether to overwrite the existing value if the destination key already exists. The default is
false
splitString (dict) –
Use this parameter to include the splitString processor in your transformer.
entries (list) –
An array of
SplitStringEntryobjects, where each object contains the information about one field to split.(dict) –
This object defines one log field that will be split with the splitString processor.
source (string) –
The key of the field to split.
delimiter (string) –
The separator characters to split the string entry on.
substituteString (dict) –
Use this parameter to include the substituteString processor in your transformer.
entries (list) –
An array of objects, where each object contains the information about one key to match and replace.
(dict) –
This object defines one log field key that will be replaced using the substituteString processor.
source (string) –
The key to modify
from (string) –
The regular expression string to be replaced. Special regex characters such as [ and ] must be escaped using \ when using double quotes and with when using single quotes. For more information, see Class Pattern on the Oracle web site.
to (string) –
The string to be substituted for each match of
from
trimString (dict) –
Use this parameter to include the trimString processor in your transformer.
withKeys (list) –
The array containing the keys of the fields to trim.
(string) –
typeConverter (dict) –
Use this parameter to include the typeConverter processor in your transformer.
entries (list) –
An array of
TypeConverterEntryobjects, where each object contains the information about one field to change the type of.(dict) –
This object defines one value type that will be converted using the typeConverter processor.
key (string) –
The key with the value that is to be converted to a different type.
type (string) –
The type to convert the field value to. Valid values are
integer,double,stringandboolean.
upperCaseString (dict) –
Use this parameter to include the upperCaseString processor in your transformer.
withKeys (list) –
The array of containing the keys of the field to convert to uppercase.
(string) –
Exceptions
CloudWatchLogs.Client.exceptions.InvalidParameterExceptionCloudWatchLogs.Client.exceptions.ResourceNotFoundExceptionCloudWatchLogs.Client.exceptions.ServiceUnavailableExceptionCloudWatchLogs.Client.exceptions.InvalidOperationException