Hello!
I am following this documentation and I am keen on re-ingestion of Failed AWS Firehose requests out via AWS SNS/SQS service using the Splunk AWS Add-On.
Problem:
When I receive a failure message from Firehose, my lambda code strips the Kinesis meta data from to the original format. Now, if I send this to splunk (through the way the above document guides i.e. SNS/SQS and then Splunk AWS Add-On), it does not do the correct parsing at sourcetype level.
I would like an example of what the request that is sent through the AWS SNS/SQS and Splunk AWS Add-On is supposed to look like to get over the parsing issue at sourcetype level.