在AWS Lambda Python函数中解析CloudWatch警报
[英]Parse a CloudWatch alert in AWS Lambda Python function
问题描述
I'm working on Lambda function that will perform several actions based on CloudWatch alerts. 
我正在使用Lambda函数,该函数将基于CloudWatch警报执行一些操作。
The JSON format of the alerts is: 警报的JSON格式为:
{
'SignatureVersion': '1',
'Timestamp': '2018-03-08T16: 06: 27.163Z',
'MessageId': 'df82d564-1651-5dc6-a37a-867f779226ec',
'Message': '{
"AlarmName": "awsec2-i-08c38bb8af7962797-CPU-Utilization",
"AlarmDescription": "Created from EC2 Console",
"AWSAccountId": "111111111111",
"NewStateValue": "ALARM",
"NewStateReason": "Threshold Crossed: 1 datapoint [1.49999999999939 (08/03/18 16:04:00)] was greater than or equal to the threshold (1.0).",
"StateChangeTime": "2018-03-08T16:06:27.124+0000",
"Region": "EU (Ireland)",
"OldStateValue": "OK",
"Trigger": {
"MetricName": "CPUUtilization",
"Namespace": "AWS/EC2",
"StatisticType": "Statistic",
"Statistic": "AVERAGE",
"Unit": null,
"Dimensions": [
{
"name": "InstanceId",
"value": "i-08c38bb8af7962797"
}
],
"Period": 60,
"EvaluationPeriods": 1,
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"Threshold": 1.0,
"TreatMissingData": "",
"EvaluateLowSampleCountPercentile": ""
}
}',
'Type': 'Notification',
'TopicArn': 'arn:aws:sns:eu-west-1: 11111111111:test',
'Subject': 'ALARM: "awsec2-i-08c38bb8af7962797-CPU-Utilization" in EU (Ireland)'
}
What I need to understand is how I tell my function to extract only the InstanceId value and use it as variable for the rest of the function. 我需要了解的是如何告诉我的函数仅提取InstanceId值,并将其用作该函数其余部分的变量。
1 个解决方案
解决方案1
4 已采纳 2018-03-08 21:59:49
The Message is JSON provided as a string. Message是作为字符串提供的JSON。 To access the contents of the string, you'll need to use the json.loads() function: 要访问字符串的内容,您需要使用json.loads()函数:
import json
alert = ... (from CloudWatch)
message = json.loads(alert['Message'])
[msg['value'] for msg in message['Trigger']['Dimensions'] if msg['name']=='InstanceId']
However, please note that this will merely output the InstanceId that was provided as the Dimension for the alarm. 但是,请注意,这只会输出作为警报的维度提供的InstanceId 。 It is not specifically saying that this instance caused the alarm (but that is true). 并不是专门说这个实例引起了警报(但这是事实)。
For example, you could create an alarm based on a group of EC2 instances. 例如,您可以基于一组 EC2实例创建警报。 If the average CPU went above a threshold, the alarm would be triggered. 如果平均CPU超过阈值,则会触发警报。 However, the dimension would relate to the group , not a specific instance. 但是,维将与组有关 ,而不是特定实例。
Think of it as saying "The Alarm with a filter of Instance i-xxx has been triggered" , as opposed to saying "Instance i-xxx triggered the alarm" . 可以认为它是说“已触发实例i-xxx筛选器的警报” ,而不是说“实例i-xxx触发了警报” 。
As long as your alarm is always based on a single instance, then the Dimension will be what you expect. 只要您的警报始终基于单个实例,那么维度将是您期望的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.