Stream Amazon CloudWatch Logs to Splunk in Near Real-Time

AWS Lambda → Amazon Kinesis Data Stream

This pattern creates a Lambda Function to continuously send CloudWatch logs to Splunk

This pattern sets up a serverless stack with AWS Lambda and Amazon Kinesis Data Stream (KDS) to continuously process streaming CloudWatch logs from different accounts and regions.

Lambda receives stream records containing Amazon CloudWatch log events, decompresses and decodes them to prepare events for pushing to Splunk.

A log destination ARN needs to be configured across all account's CloudWatch log groups as a subscription filter for Amazon CloudWatch to start streaming logs.

< Back to all patterns

Language:: Python
Framework:: AWS CDK

Download this pattern (.zip)

View this pattern on GitHub

Clone repo

git clone https://github.com/aws-samples/serverless-patterns/cd serverless-patterns/cloudwatch-logs-to-splunk-using-lambda-kinesis

Deploy

git clone https://github.com/aws-samples/serverless-patternscd cloudwatch-logs-to-splunk-using-lambda-kinesiscdk deployNote: Please refer to manual steps/instructions after the AWS CDK has successfully deployed in the Readme.md file

Testing

See the GitHub repo for detailed testing instructions in the Readme.md file.

Cleanup

Delete the stack: cdk delete.

Additional resources

Troubleshooting Common AWS CDK Issues

Splunk - About HTTP Event Collector Indexer Acknowledgment. Use this link to configure the HTTP event collector on the Splunk side

How to Create a LogDestination Using the AWS Command Line Interface (CLI)

Created by:

Gourang Harhare

Sr Solutions Architect DNB at AWS India

Follow on LinkedIn