kinesis-firehose-splunk
disney/kinesis-firehose-splunk/aws
This code creates/configures a Kinesis Firehose in AWS to send CloudWatch log data to Splunk.
Send CloudWatch Logs to Splunk via Kinesis Firehose This module configures a Kinesis Firehose, sets up a subscription for a desired CloudWatch Log Group to the Firehose, and sends the log data to Splunk. A Lambda function is required to transform the CloudWatch Log data from "CloudWatch compressed format" to a format compatible with Splunk. This module takes care of configuring this Lambda function. Usage Instructions In order to send this data to Splunk you will need to first obtain an HEC Token from your Splunk administrator. Once you have received the token, you can proceed forward in creating a module resource, such as the one in the Example below. You will use a KMS key of your choice to encrypt the token, as it is sensitive. Note: the user of this module is responsible for specifying
| Name | Type | Description | Default |
|---|---|---|---|
| hec_url | string | Splunk Kinesis URL for submitting CloudWatch logs to splunk | |
| s3_bucket_name | string | Name of the s3 bucket Kinesis Firehose uses for backups | |
| cloudwatch_log_filter_name | string | Name of Log Filter for CloudWatch Log subscription to Kinesis Firehose | "KinesisSubscriptionFilter" |
| lambda_processing_buffer_interval_in_seconds | number | Lambda processing buffer interval in seconds. | 61 |
| nodejs_runtime | string | Runtime version of nodejs for Lambda function | "nodejs22.x" |
| hec_endpoint_type | string | Splunk HEC endpoint type; `Raw` or `Event` | "Raw" |
| cloudwatch_to_firehose_trust_iam_role_name | string | IAM Role name for CloudWatch to Kinesis Firehose subscription | "CloudWatchToSplunkFirehoseTrust" |
| subscription_filter_pattern | string | Filter pattern for the CloudWatch Log Group subscription to the Kinesis Firehose | "" |
| firehose_server_side_encryption_enabled | bool | Enable SSE for Kinesis Firehose | false |
| cloudwatch_log_group_kms_key_id | string | KMS key ID of the key to use to encrypt the Cloudwatch log group | null |
| s3_backup_mode | string | Defines how documents should be delivered to Amazon S3. Valid values are FailedE | "FailedEventsOnly" |
| object_lock_configuration_mode | string | Default Object Lock retention mode you want to apply to new objects placed in th | null |
| lambda_function_timeout | number | The function execution time at which Lambda should terminate the function. | 180 |
| firehose_name | string | Name of the Kinesis Firehose | "kinesis-firehose-to-splunk" |
| kinesis_firehose_retry_duration | number | After an initial failure to deliver to Splunk, the total amount of time, in seco | 300 |
| name_cloudwatch_logs_to_ship | string | Name of the CloudWatch Log Group that you want to ship to Splunk (single log gro | null |
| s3_bucket_server_side_encryption_algorithm | string | (Required) Server-side encryption algorithm to use. Valid values are AES256 and | "AES256" |
| s3_prefix | string | Optional prefix (a slash after the prefix will show up as a folder in the s3 buc | "kinesis-firehose/" |
| hec_acknowledgment_timeout | number | The amount of time, in seconds between 180 and 600, that Kinesis Firehose waits | 300 |
| log_stream_name | string | Name of the CloudWatch log stream for Kinesis Firehose CloudWatch log group | "SplunkDelivery" |
| encryption_context | map(string) | aws_kms_secrets encryption context | {} |
| aws_s3_bucket_versioning | string | Versioning state of the bucket. Valid values: Enabled, Suspended, or Disabled. D | null |
| … and 10 more inputs | |||
cloudwatch_to_firehose_trust_arn — cloudwatch log subscription filter role_arndestination_firehose_arn — cloudwatch log subscription filter - Firehose destination arn