How to use splunk-logging - 10 common examples
To help you get started, we’ve selected a few splunk-logging examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
splunk / splunk-aws-project-trumpet / splunk-aws-automation / lambda_code / splunk_metrics_poller / index.js View on Github 
// Set common error handler for logger.send() and logger.flush()
Logger.error = (error, payload) => {
console.log('error', error, 'context', payload);
callback(error);
}
}
var config = {
url: process.env.SPLUNK_HEC_URL.split(":").slice(0, 2).join(":") + ":8088/services/collector",
token: process.env.SPLUNK_HEC_TOKEN,
maxBatchCount: 1,
maxRetries: 2
};
var Logger = new SplunkLogger(config);
var cloudwatch = new aws.CloudWatch();
var dynamodb = new aws.DynamoDB();
var periodicity_minutes = 5;
var periodicity_seconds = periodicity_minutes * 60;
var namespace = process.env.NAMESPACE;
var region = process.env.AWS_REGION;
function get_metric_and_send_to_splunk(event, context, highwater, new_highwater, new_highwater_clean_bounds, metric_name, dimension, ddb_metric_key) {
// TODO: Kill function if less than 10 seconds left until lambda timeout?
var cweParams = {
EndTime: new_highwater_clean_bounds,
Dimensions: dimension,
MetricName: metric_name,
Namespace: namespace,*
* For details about Splunk logging library used below: https://github.com/splunk/splunk-javascript-logging
*/
'use strict';
const loggerConfig = {
url: process.env.SPLUNK_HEC_URL,
token: process.env.SPLUNK_HEC_TOKEN,
maxBatchCount: 0, // Manually flush events
maxRetries: 3, // Retry 3 times
};
const SplunkLogger = require('splunk-logging').Logger;
const logger = new SplunkLogger(loggerConfig);
exports.handler = (event, context, callback) => {
console.log('Received event:', JSON.stringify(event, null, 2));
// First, configure logger to automatically add Lambda metadata and to hook into Lambda callback
configureLogger(context, callback); // eslint-disable-line no-use-before-define
let count = 0;
event.Records.forEach((record) => {
// Kinesis data is base64 encoded so decode here
const data = new Buffer(record.kinesis.data, 'base64').toString('ascii');
let item = null;
/* NOTE: if Kinesis stream records originates from CloudWatch Logs, data is
compressed and needs to be expanded here. Refer to 'splunk-cloudwatch-log-processor'
blueprint in AWS Lambda console for sample code using zlib */*/
'use strict';
const loggerConfig = {
url: process.env.SPLUNK_HEC_URL + "/services/collector",
token: process.env.SPLUNK_HEC_TOKEN,
maxBatchCount: 0, // Manually flush events
maxRetries: 3, // Retry 3 times
};
const SplunkLogger = require('splunk-logging').Logger;
const aws = require('aws-sdk');
const zlib = require('zlib');
const logger = new SplunkLogger(loggerConfig);
const s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = (event, context, callback) => {
//console.log('Received event:', JSON.stringify(event, null, 2));
// First, configure logger to automatically add Lambda metadata and to hook into Lambda callback
configureLogger(context, callback); // eslint-disable-line no-use-before-define
// Get the object from the event and show its content type
const bucket = event.Records[0].s3.bucket.name;
const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
const params = {
Bucket: bucket,
Key: key
};
if (key.includes("ConfigSnapshot")) {*/
'use strict';
const loggerConfig = {
url: process.env.SPLUNK_HEC_URL,
token: process.env.SPLUNK_HEC_TOKEN,
maxBatchCount: 0, // Manually flush events
maxRetries: 3, // Retry 3 times
};
const SplunkLogger = require('splunk-logging').Logger;
const aws = require('aws-sdk');
const zlib = require('zlib');
const logger = new SplunkLogger(loggerConfig);
const s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = (event, context, callback) => {
console.log('Received event:', JSON.stringify(event, null, 2));
// First, configure logger to automatically add Lambda metadata and to hook into Lambda callback
configureLogger(context, callback); // eslint-disable-line no-use-before-define
// Get the object from the event and show its content type
const bucket = event.Records[0].s3.bucket.name;
const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
const params = {
Bucket: bucket,
Key: key,
};
s3.getObject(params, (error, data) => {* For details about Splunk logging library used below: https://github.com/splunk/splunk-javascript-logging
*/
'use strict';
const loggerConfig = {
url: process.env.SPLUNK_HEC_URL,
token: process.env.SPLUNK_HEC_TOKEN,
maxBatchCount: 0, // Manually flush events
maxRetries: 3, // Retry 3 times
};
const SplunkLogger = require('splunk-logging').Logger;
const aws = require('aws-sdk');
const logger = new SplunkLogger(loggerConfig);
const s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = (event, context, callback) => {
console.log('Received event:', JSON.stringify(event, null, 2));
// First, configure logger to automatically add Lambda metadata and to hook into Lambda callback
configureLogger(context, callback); // eslint-disable-line no-use-before-define
// Get the S3 object from the S3 put event
const bucket = event.Records[0].s3.bucket.name;
const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
const params = {
Bucket: bucket,
Key: key,
};
s3.getObject(params, (error, data) => {const loggerConfig = {
url: process.env.SPLUNK_HEC_URL,
token: process.env.SPLUNK_HEC_TOKEN,
};
function customEventFormatter(message, severity) {
var event = message
return event;
}
const SplunkLogger = require('splunk-logging').Logger;
const zlib = require('zlib');
const logger = new SplunkLogger(loggerConfig);
logger.eventFormatter = customEventFormatter;
exports.handler = (event, context, callback) => {
console.log('Received event:', JSON.stringify(event, null, 2));
// CloudTrail Logs data is base64 encoded so decode here
const payload = new Buffer(event.awslogs.data, 'base64');
// CloudTrail Logs are gzip compressed so expand here
zlib.gunzip(payload, (err, result) => {
if (err) {
callback(err);
} else {
const parsed = JSON.parse(result.toString('ascii'));
//console.log('Decoded payload:', JSON.stringify(parsed, null, 2));
let count = 0;*
* For details about Splunk logging library used below: https://github.com/splunk/splunk-javascript-logging
*/
'use strict';
const loggerConfig = {
url: process.env.SPLUNK_HEC_URL,
token: process.env.SPLUNK_HEC_TOKEN,
maxBatchCount: 0, // Manually flush events
maxRetries: 3, // Retry 3 times
};
const SplunkLogger = require('splunk-logging').Logger;
const logger = new SplunkLogger(loggerConfig);
exports.handler = (event, context, callback) => {
console.log('Received event:', JSON.stringify(event, null, 2));
// First, configure logger to automatically add Lambda metadata and to hook into Lambda callback
configureLogger(context, callback); // eslint-disable-line no-use-before-define
// Log JSON objects to Splunk
logger.send({ message: event });
// Log strings
logger.send({ message: `value1 = ${event.key1}` });
// Log object or string with explicit timestamp - useful for forwarding events with embedded
// timestamps, such as from AWS IoT, AWS Kinesis Stream & Firehose, AWS CloudWatch Logs
// Change "Date.now()" below to event timestamp if specified in event payload*/
'use strict';
const loggerConfig = {
url: process.env.SPLUNK_HEC_URL + "/services/collector",
token: process.env.SPLUNK_HEC_TOKEN,
maxBatchCount: 0, // Manually flush events
maxRetries: 3, // Retry 3 times
};
const SplunkLogger = require('splunk-logging').Logger;
const aws = require('aws-sdk');
const zlib = require('zlib');
const logger = new SplunkLogger(loggerConfig);
const s3 = new aws.S3({ apiVersion: '2006-03-01' });
exports.handler = (event, context, callback) => {
//console.log('Received event:', JSON.stringify(event, null, 2));
// First, configure logger to automatically add Lambda metadata and to hook into Lambda callback
configureLogger(context, callback); // eslint-disable-line no-use-before-define
// Get the object from the event and show its content type
const bucket = event.Records[0].s3.bucket.name;
const key = decodeURIComponent(event.Records[0].s3.object.key.replace(/\+/g, ' '));
const params = {
Bucket: bucket,
Key: key
};
if (key.includes("ConfigSnapshot")) {*
* For details about Splunk logging library used below: https://github.com/splunk/splunk-javascript-logging
*/
'use strict';
const loggerConfig = {
url: process.env.SPLUNK_HEC_URL,
token: process.env.SPLUNK_HEC_TOKEN,
maxBatchCount: 0, // Manually flush events
maxRetries: 3, // Retry 3 times
};
const SplunkLogger = require('splunk-logging').Logger;
const logger = new SplunkLogger(loggerConfig);
exports.handler = (event, context, callback) => {
console.log('Received event:', JSON.stringify(event, null, 2));
// First, configure logger to automatically add Lambda metadata and to hook into Lambda callback
configureLogger(context, callback); // eslint-disable-line no-use-before-define
/* Send item to Splunk with optional metadata properties such as time, index, source, sourcetype, and host.
- Set time value below if you want to explicitly set event timestamp.
- Set or remove other metadata properties as needed. For descripion of each property, refer to:
http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector */
logger.send({
message: event,
metadata: {
host: 'serverless',
source: `lambda:${context.functionName}`,// Set common error handler for logger.send() and logger.flush()
Logger.error = (error, payload) => {
console.log('error', error, 'context', payload);
callback(error);
}
}
var config = {
url: process.env.SPLUNK_HEC_URL,
token: process.env.SPLUNK_HEC_TOKEN,
maxBatchCount: 1,
maxRetries: 2
};
var Logger = new SplunkLogger(config);
var cloudwatch = new aws.CloudWatch();
var dynamodb = new aws.DynamoDB();
var periodicity_minutes = 5;
var periodicity_seconds = periodicity_minutes * 60;
var namespace = process.env.NAMESPACE;
var region = process.env.AWS_REGION;
function get_metric_and_send_to_splunk(event, context, highwater, new_highwater, new_highwater_clean_bounds, metric_name, dimension, ddb_metric_key) {
// TODO: Kill function if less than 10 seconds left until lambda timeout?
var cweParams = {
EndTime: new_highwater_clean_bounds,
Dimensions: dimension,
MetricName: metric_name,
Namespace: namespace,splunk-logging
Splunk HTTP Event Collector logging interface
