Hi,
I've been trying to configure the Lambda function splunk-cloudwatch-logs-processor from the Splunk blog article: how-to-easily-stream-aws-cloudwatch-logs-to-splunk/
But when the logs are being pushed into Splunk, the source is either the Lambda function name or lambda:undefined, which means all of the logs from the LogGroup are pushed into one undefinable mess. Can't tell the difference between the LogStreams within the LogGroup.
I can use the following to edit the source as "test":
logger.logEvent({
    time: item.timestamp,
    event: item.message,
    source: "test",
});
But I want the source to be the logstreamname where the logs are getting pushed into Splunk. Similar to how the CloudWatch logs input on the AWS app works. Something like:
logger.logEvent({
    time: item.timestamp,
    event: item.message,
    source: item.logStreamName,
});
But I've tried this and also parsed.logSteamName and various combinations of context.logStreamName /logStream/Stream etc.
Any help appreciated.
Thanks,
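
The following is an added example, not part of the original post or of the Splunk blueprint: it decodes the payload CloudWatch Logs delivers to a subscribed Lambda function and shows that the stream name sits on the decoded envelope as logStream, next to logGroup, rather than on each log event. The function names, the "logGroup:logStream" source format and the sample payload are assumptions made for illustration.

```javascript
const zlib = require('zlib');

// CloudWatch Logs hands a subscribed Lambda function event.awslogs.data:
// base64 text wrapping a gzip-compressed JSON envelope.
function decodeAwsLogs(event) {
    const compressed = Buffer.from(event.awslogs.data, 'base64');
    return JSON.parse(zlib.gunzipSync(compressed).toString('utf8'));
}

// Build one Splunk event object per log event. logGroup and logStream are
// properties of the envelope; the entries in logEvents only carry
// id, timestamp and message.
function toSplunkEvents(parsed) {
    if (parsed.messageType !== 'DATA_MESSAGE') {
        return []; // CONTROL_MESSAGE payloads contain no application logs
    }
    // Assumed source format: group and stream joined with a colon.
    const source = `${parsed.logGroup}:${parsed.logStream}`;
    return parsed.logEvents.map((item) => ({
        time: item.timestamp,
        event: item.message,
        source,
    }));
}

// Constructed sample input in the shape of a subscription delivery.
function buildSampleEvent(messageType = 'DATA_MESSAGE') {
    const payload = {
        messageType,
        owner: '123456789012',
        logGroup: '/aws/lambda/example-app',
        logStream: '2024/01/01/[$LATEST]constructed0001',
        subscriptionFilters: ['example-filter'],
        logEvents: [
            { id: '1', timestamp: 1704067200000, message: 'START constructed line' },
            { id: '2', timestamp: 1704067201000, message: 'END constructed line' },
        ],
    };
    const data = zlib.gzipSync(JSON.stringify(payload)).toString('base64');
    return { awslogs: { data } };
}

// Each object returned here can be passed to logger.logEvent() in the handler.
console.log(toSplunkEvents(decodeAwsLogs(buildSampleEvent())));
```

Keeping the log group in the source alongside the stream keeps events attributable when several log groups feed the same function.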