{"id":31816620,"url":"https://github.com/splunk/splunk-aws-serverless-apps","last_synced_at":"2025-10-11T09:57:16.382Z","repository":{"id":27047962,"uuid":"54156371","full_name":"splunk/splunk-aws-serverless-apps","owner":"splunk","description":"Splunk AWS Serverless applications and Lambda blueprints","archived":false,"fork":false,"pushed_at":"2024-10-31T12:06:58.000Z","size":198,"stargazers_count":57,"open_issues_count":18,"forks_count":61,"subscribers_count":25,"default_branch":"master","last_synced_at":"2024-10-31T13:19:52.768Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/splunk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-03-17T22:44:03.000Z","updated_at":"2024-10-30T07:38:50.000Z","dependencies_parsed_at":"2024-10-31T13:19:57.078Z","dependency_job_id":"feb79ba5-63f9-42a7-9d70-032a321324bb","html_url":"https://github.com/splunk/splunk-aws-serverless-apps","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/splunk/splunk-aws-serverless-apps","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-aws-serverless-apps","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-aws-serverless-apps/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-aws-serverless-apps/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-aws-serverless-apps/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/splunk","download_url":"https://codeload.github.com/splunk/splunk-aws-serverless-apps/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-aws-serverless-apps/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279006747,"owners_count":26084185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-11T09:57:15.317Z","updated_at":"2025-10-11T09:57:16.373Z","avatar_url":"https://github.com/splunk.png","language":"JavaScript","readme":"# Splunk AWS Serverless Apps\nSplunk AWS Serverless applications and [Lambda blueprints](https://www.splunk.com/blog/2016/11/29/announcing-new-aws-lambda-blueprints-for-splunk.html), including associated CloudFormation templates (using [SAM](https://github.com/awslabs/serverless-application-model)) for automated packaging \u0026 deployment.\n\n## Table of Contents\n* **[Getting Started](#getting-started)**\n     * **[Prerequisites](#prerequisites)**\n     * **[Installing](#installing)**\n     * **[Packaging](#packaging)**\n     * **[Deploying](#deploying)**\n* **[Development \u0026 Test](#development--test)**\n     * **[Available npm tasks](#available-npm-tasks)**\n     * **[Setup test environment](#setup-test-environment)**\n     * **[Run integration test](#run-integration-test)**\n\n## Getting Started\n\n### Prerequisites\n- AWS CLI\n- Node.js v4.3 or later.\n- Splunk Enterprise 6.3.0 or later, or Splunk Cloud.\n- Splunk HTTP Event Collector token from your Splunk Enterprise server.\n- S3 bucket to host artifacts uploaded by CloudFormation e.g. Lambda ZIP deployment packages\n\nYou can use the following command to create the Amazon S3 bucket, say in `us-east-1` region\n```\naws s3 mb s3://\u003cmy-bucket-name\u003e --region us-east-1\n```\n\n### Installing\nFirst cd into any of the serverless applications:\n```\ncd splunk-cloudwatch-logs-processor\n```\nCopy over the sample `.npmrc`:\n```\ncp .npmrc.sample .npmrc\n```\nThen modify `.npmrc` file to set required configuration settings to match your environment, such as `parm_hec_url` which specifies the URL of your Splunk HTTP Event Collector endpoint.\n\nThen install node package dependencies:\n```\nnpm install\n```\n\n### Packaging\nTo build the Serverles Application Module deployment package:\n```\nnpm run build:zip\n```\nThis will package the necessary Lambda function(s) and dependencies into one local deployment zip as specified in `package.json` build script. i.e. for Splunk CloudWatch Serverless Application it creates `splunk-cloudwatch-logs-processor.zip`\n\nThen upload all local artifacts needed by the SAM template to your previously created S3 bucket. You can do this either using **npm** task or directly using **AWS CLI**:\n\n**Upload using npm:**\n\nBefore you run this command please ensure that you have set correct values in your application .npmrc\n```\nnpm run build:template\n```\n\n**Upload using AWS CLI**\n```\naws cloudformation package \n    --template template.yaml \n    --s3-bucket \u003cmy-bucket-name\u003e \n    --output-template-file template.output.yaml\n```\n\nThe command returns a copy of the SAM template, in this case `template.output.yaml`, replacing all references to local artifacts with the S3 location where the command uploaded the artifacts. In particular, `CodeUri` property of the Lambda resource points to the deployment zip `splunk-cloudwatch-logs-processor.zip` in the Amazon S3 bucket that you specified.\n\n### Deploying\n**Deploy using npm:**\n\nBefore you run this command please ensure that you have set correct values in your application .npmrc\n```\nnpm run build:deployment\n```\n\n**Deploy using AWS CLI**\n\nExample below is specific to Splunk Splunk CloudWatch Serverless Application. `parameter-overrides` will differ by Splunk Serverless Application and you will need to adjust accordingly. Alternatively, you can use npm task above which retrieves the configurations defined in .npmrc\n```\naws cloudformation deploy \n    --template $(pwd)/template.output.yaml \n    --parameter-overrides \n        SplunkHttpEventCollectorURL='https://\u003cmy-splunk-ip-or-fqdn\u003e:8088/services/collector' \n        SplunkHttpEventCollectorToken=\u003cmy-splunk-hec-token\u003e \n        CloudWatchLogsGroupName=\u003cmy-cwl-group-name\u003e \n    --capabilities \"CAPABILITY_IAM\" --stack-name my-cloudwatch-logs-forwarder-stack\n```\n\n## Development \u0026 Test\n\n### Available npm tasks\nFor each serverless application, you can use the following npm tasks:\n\n| command | description |\n| --- | --- |\n| `npm run set:env`| creates .npmrc file in your local project. set project variables here |\n| `npm run lint` | run eslint rules against .js files |\n| `npm run build:zip` | create zip SAM deployment package with required .js files |\n| `npm run build:template` | uploads SAM deployment package with required template files to AWS S3 Bucket|\n| `npm run build:deployment` | creates CloudFormation Stack and deploys SAM package from AWS S3 Bucket|\n| `npm run clean` | remove zip deployment package |\n| `npm run test` (or `npm test`) | run simple integration test with live Splunk Enterprise instance. More details in section below. |\n| `npm run build` | runs entire build flow: `build:zip` then `build:template` and then `build:deployment` |\n\n### Setup test environment\n\n\u003e\u003e\u003e\u003e This section requires updates \u003c\u003c\u003c\u003c\ni.e. instead of setEnv can use\n\"test\": \"SPLUNK_HEC_URL=$npm_config_kinesis_hec_url SPLUNK_HEC_TOKEN=$npm_config_kinesis_hec_token node integration-test.js\",\n    \nFor test-driven development, you can easily run a simple integration test as you develop the Lambda function.\nFirst, copy over the provided setEnv bash script in root folder:\n```\ncp setEnv.sh.template setEnv.sh\n```\nModify `setEnv.sh` contents to set the values of `SPLUNK_HEC_URL` and `SPLUNK_HEC_TOKEN` to point to a local (or remote) Splunk Enterprise test instance and its valid HEC token. Then, source these environment variables:\n```\nsource setEnv.sh\n```\n### Run integration test\nNow, you can run a simple integration test to validate functionality of the Lambda function and ensure events are being indexed correctly in Splunk Enterprise:\n```\nnpm test\n```\nThis command first runs lint checks against Lambda function code. Only after successfully lint checks, this command will run the Lambda function passing it the event in `sampleEvent.json` along with `SPLUNK_HEC_URL` and `SPLUNK_HEC_TOKEN` environment variables. The function output and final status is directed to standard out. Here's an example of a successful execution:\n```bash\n$ npm test\n\u003e splunk-cloudwatch-logs-processor@0.8.1 pretest\n\u003e npm run lint\n...\n\u003e splunk-cloudwatch-logs-processor@0.8.1 test\n\u003e node integration-test.js\n\nReceived event: {\n  \"awslogs\": {\n...\n...\n}\nDone\nDecoded payload: {\n...\n...\n}\nSending event(s)\nResponse received\nResponse from Splunk:\n{\"text\":\"Success\",\"code\":0}\nSuccessfully processed 2 log event(s).\n[ null, 2 ]\n```\n\n## Authors\n* **Roy Arsan** - [rarsan](https://github.com/rarsan)\n* **Tarik Makota** - [tmakota](https://github.com/tmakota)\n* **Nicolas Stone** - [nstonesplunk](https://github.com/nstonesplunk)\n\n\nSee also the list of [contributors](https://github.com/splunk/splunk-aws-lambda-blueprints/contributors) who participated in this project.\n\n## License\nSplunk AWS Serverless Apps are released under the MIT license. Details can be found in the [LICENSE](LICENSE.txt) file.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunk-aws-serverless-apps","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsplunk%2Fsplunk-aws-serverless-apps","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunk-aws-serverless-apps/lists"}