AWS CDK
We've created an AWS CDK stack that will set up a few resources that you can use to try out LogSlash. You can find those resources in our public copper-interface GitHub repository.
Prerequisites
Node.js
Node Package Manager (npm)
Python
AWS Account
AWS CLI
AWS CDK
Splunk HTTP Event Collector (HEC)
Setup
Clone the LogSlash interface repositories
Install the necessary prerequisites and libraries
Change into the aws_cdk directory
Create an AWS bootstrap stack
Deploy the AWS bootstrap stack
Update the constant values associated with your team's LogSlash AWS deployment
Log in to your team's AWS console
Navigate to: "Systems Manager" > "Parameter Store"
Select the constant value to be changed
Click Edit
Set "Value" to:
Parameter | Value |
---|---|
splunk_host | The Splunk endpoint of your team's Splunk instance (e.g., https://prd-5-f232.splunkcloud.com) |
splunk_hec_token | The HEC token for your team's Splunk instance. |
copper_api_token | The LogSlash API token for your team. |
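The console steps above can also be scripted with the AWS CLI listed in the prerequisites. The following is an added example, not code from the LogSlash repository. It assumes the Parameter Store names are exactly those in the table, that AWS CLI v2 is in use, and that the values are supplied in the hypothetical environment variables SPLUNK_HOST, SPLUNK_HEC_TOKEN and COPPER_API_TOKEN.

```shell
#!/bin/sh
# Added example (not LogSlash project code): validate the three values before
# writing them to Parameter Store, so a mistyped host or token is caught here
# rather than as silent delivery failures later.
# Assumptions: parameter names match the table exactly; AWS CLI v2
# (v1 tries to fetch --value strings that begin with https://).

# splunk_host: https only, hostname with optional port, no path or query.
valid_splunk_host() {
  printf '%s\n' "$1" | grep -Eq '^https://[A-Za-z0-9.-]+(:[0-9]+)?/?$'
}

# Splunk generates HEC tokens as GUIDs (8-4-4-4-12 hex digits).
valid_hec_token() {
  printf '%s\n' "$1" | grep -Eiq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# API token format is not documented on the page: only reject empty values
# and embedded whitespace (a common copy/paste error).
valid_api_token() {
  case "$1" in
    ''|*[[:space:]]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Overwrite an existing parameter. Omitting --type keeps the type the stack created.
set_param() {
  aws ssm put-parameter --name "$1" --value "$2" --overwrite >/dev/null
}

update_logslash_params() {
  valid_splunk_host "${SPLUNK_HOST:-}" ||
    { echo "splunk_host: expected https://host[:port]" >&2; return 1; }
  valid_hec_token "${SPLUNK_HEC_TOKEN:-}" ||
    { echo "splunk_hec_token: expected a GUID" >&2; return 1; }
  valid_api_token "${COPPER_API_TOKEN:-}" ||
    { echo "copper_api_token: empty or contains whitespace" >&2; return 1; }
  set_param splunk_host "$SPLUNK_HOST" &&
    set_param splunk_hec_token "$SPLUNK_HEC_TOKEN" &&
    set_param copper_api_token "$COPPER_API_TOKEN"
}

# Writes happen only when the script is run with the argument "apply".
if [ "${1:-}" = "apply" ]; then
  update_logslash_params
fi
```

Nothing is written unless all three values pass validation, so a rejected value leaves the existing parameters untouched.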
Usage
Upload log files into your team's LogSlash AWS Simple Storage Service (S3)
Log in to your team's AWS console
Navigate to: "S3"
Select the "copper-logs-bucket" S3 Bucket
Click Upload
Upload the log file(s) you'd like to be processed (note: the file(s) must be in .json, .xml, or .evt format)
The LogSlash engine intelligently deduplicates and normalizes the file(s)
The processed files are sent to your team's Splunk HEC endpoint
The uploaded log files are deleted from the S3 Bucket
Removal
Change into the aws_cdk directory
Destroy the AWS bootstrap stack