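/*
 * So the blueprint's code, written for Node.js, makes some assumptions and won't work
 * without modification. First, the given event is not base64-encoded. Second, it is not
 * gzip-compressed. Also, there are no multiple events (the CloudWatch trigger fires once
 * per event). Long story short, try the "/services/collector/event" HEC endpoint and this
 * simplified code in index.js (understanding it is highly recommended).
 */

// HEC endpoint and token are read from the Lambda environment.
// NOTE(review): environment variables are visible to any principal allowed to read the
// function configuration, so treat SPLUNK_HEC_TOKEN as a secret (restrict that permission
// or load it from a secrets store) and point SPLUNK_HEC_URL at an https:// endpoint.
const loggerConfig = {
    url: process.env.SPLUNK_HEC_URL,
    token: process.env.SPLUNK_HEC_TOKEN,
};

const SplunkLogger = require('./lib/mysplunklogger');

const logger = new SplunkLogger(loggerConfig);

/**
 * Lambda entry point: forwards one CloudWatch-triggered event to Splunk HEC.
 *
 * @param {object} event - Trigger event; `time`, `source` and `detail` are read from it.
 * @param {object} context - Lambda context; `functionName` is used as the Splunk source.
 * @param {function} callback - Called with (error) on failure or (null, count) on success.
 */
exports.handler = (event, context, callback) => {
    // Fail with a clear message instead of attempting a delivery that cannot succeed.
    // Only the variable names are reported, never their values.
    if (!loggerConfig.url || !loggerConfig.token) {
        callback(new Error('SPLUNK_HEC_URL and SPLUNK_HEC_TOKEN must both be set'));
        return;
    }

    // NOTE(review): this copies the full event into the function's own CloudWatch log
    // group; reduce or remove it if events can carry sensitive fields.
    console.log('Received event:', JSON.stringify(event, null, 2));

    // The trigger delivers exactly one event per invocation.
    const count = 1;

    /* Alternative: log with an explicit timestamp through the blueprint helper, e.g.
         logger.logWithTime(<time field>, <message field>, context);
       - The optional 'context' argument sends Lambda metadata, e.g. awsRequestId, functionName.
       - The blueprint's `item` loop variable does not exist in this simplified handler,
         so take the time and message from `event` if you switch to this call. */

    // An absent or unparsable `event.time` yields NaN, which JSON serialises as null.
    // In that case leave `time` out so Splunk applies its own timestamping.
    const epochSeconds = new Date(event.time).getTime() / 1000;
    const timeField = Number.isFinite(epochSeconds) ? { time: epochSeconds } : {};

    /* Log event to Splunk with any combination of explicit timestamp, index, source, sourcetype, and host.
       - Complete list of input settings available at http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector */
    logger.logEvent({
        ...timeField,
        host: event.source, // 'serverless',
        source: `lambda:${context.functionName}`,
        sourcetype: 'aws:cloudwatchlogs:yoursourcetype', // placeholder: set your own sourcetype
        // index: 'main',
        event: event.detail,
    });

    // Send the queued event to Splunk and report the outcome to Lambda.
    logger.flushAsync((error, response) => {
        if (error) {
            // Surface delivery failures so the invocation is marked as failed.
            callback(error);
            return;
        }
        console.log(`Response from Splunk:\n${response}`);
        console.log(`Successfully processed ${count} log event(s).`);
        callback(null, count); // Return number of log events
    });
};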