尝试过滤 Cloudwatch 日志时出现 Lambda InvalidParameterException

我正在尝试创建一个 Lambda 函数来搜索 cloudwatch 日志中的字符串。如果 10 分钟内该值出现 5 次，请发送电子邮件或 sns。

我不确定错误是否为我指明了正确的方向： 我测试的时候报错： { "errorMessage": "调用 FilterLogEvents 操作时发生错误 (InvalidParameterException)：术语 '<'", "errorType": "InvalidParameterException", "stackTrace": [ " File "/var/task/lambda_function.py", line 24, in lambda_handler\n response = cloudwatch.filter_log_events(\n", " File "/var/runtime/botocore/client.py", line 391, in _api_call\n return self._make_api_call(operation_name, kwargs)\n", " File "/var/runtime/botocore/client.py", line 719, in _make_api_call\n raise error_class(parsed_response, operation_name)\n" ] }

我创建了一个 IAM 角色来使用 Lambda 服务，并且它允许过滤日志。

非常感谢任何帮助：

import json

def lambda_handler(event, context):
# TODO implement
return {
    'statusCode': 200,
    'body': json.dumps('Hello from Lambda!')
}
import boto3
import datetime

def lambda_handler(event, context):
log_group_name = 'security'  #  log group name
search_string = '4625'   # string being searched
sns_topic_arn = 'arn:aws-us-yadyaxxx   #  SNS topic ARN
custom_email = '[email protected]'   # custom email

cloudwatch = boto3.client('logs')
sns = boto3.client('sns')

end_time = int(datetime.datetime.now().timestamp())
start_time = end_time - 600  # 600 seconds = 10 minutes

response = cloudwatch.filter_log_events(
    logGroupName=log_group_name,
    startTime=start_time,
    endTime=end_time,
    filterPattern=search_string
)

occurrences = sum(1 for _ in response['events'])

if occurrences >= 5:
    message = f"Found '{search_string}' 5 times within 10 minutes in {log_group_name}."

    sns.publish(
        TopicArn=sns_topic_arn,
        Message=message
    )

    sns.publish(
        TopicArn=sns_topic_arn,
        Message=message,
        Subject='Critical Log Events Detected',
        MessageAttributes={
            'email': {
                'DataType': 'String',
                'StringValue': custom_email
            }
        }
    )

我已检查 IAM 角色，它允许过滤日志 还尝试了各种搜索模式；我不认为是这样。