Terraform

We've created a Terraform script that will set up a few resources you can use to try out LogSlash. You can find those resources in our public copper-interface GitHub repository.

Setup

  1. Clone the LogSlash interface repository

     git clone git@github.com:arctype-dev/copper-interface.git && cd copper-interface

  2. Change into the terraform directory

     cd terraform

  3. Initialize the Terraform configuration

     terraform init

  4. Deploy the infrastructure to your team's AWS instance

     terraform apply

  5. Update the constant values associated with your team's LogSlash AWS deployment

    1. Log in to your team's AWS console

    2. Navigate to: "Systems Manager" > "Parameter Store"

    3. Select the constant value to be changed

    4. Click Edit

    5. Set "Value" to:

       | Parameter | Value |
       | --- | --- |
       | splunk_host | The Splunk endpoint of your team's Splunk instance (e.g., https://prd-5-f232.splunkcloud.com) |
       | splunk_hec_token | The HEC token for your team's Splunk instance. |
       | copper_api_token | The LogSlash API token for your team. |

Usage

  1. Upload log files into your team's LogSlash AWS Simple Storage Service (S3)

    1. Log in to your team's AWS console

    2. Navigate to: "S3"

    3. Select the "copper-logs-bucket" S3 Bucket

    4. Click Upload

    5. Upload the log file(s) you'd like to be processed (note: the file(s) must be in .json, .xml, or .evt format)

  2. The LogSlash engine intelligently deduplicates and normalizes the file(s)

  3. The processed files are sent to your team's Splunk HEC endpoint

  4. The uploaded log files are deleted from the S3 Bucket
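
The console steps for setting the constants (Setup, step 5) and uploading log files (Usage, step 1) can also be done from the AWS CLI. The script below is an added example, not code from the copper-interface repository. It assumes AWS CLI v2 with working credentials and that the Parameter Store names and the bucket name are exactly the strings shown on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the copper-interface repository).
# Assumes AWS CLI v2 with credentials configured. CLI v1 would try to fetch an
# https:// value as a URL unless cli_follow_urlparam is set to false.
AWS="${AWS:-aws}"               # override to stub the CLI when testing
BUCKET="copper-logs-bucket"     # bucket name as shown on this page

# Accept only an https:// endpoint so the HEC token is not sent in cleartext.
valid_splunk_host() {
  case "$1" in
    https://?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Accept only the formats the page lists: .json, .xml, .evt
supported_log() {
  case "$1" in
    *.json|*.xml|*.evt) return 0 ;;
    *) return 1 ;;
  esac
}

# Update one constant. The value is read from stdin, which keeps tokens out of
# shell history. Usage: set_constant splunk_hec_token   (then enter the value)
set_constant() {
  name="$1"
  IFS= read -r value || return 1
  if [ "$name" = "splunk_host" ] && ! valid_splunk_host "$value"; then
    echo "splunk_host must be an https:// URL" >&2
    return 1
  fi
  "$AWS" ssm put-parameter --name "$name" --value "$value" --overwrite
}

# Copy each supported file to the bucket. Uses "cp", not "mv": LogSlash deletes
# the uploaded object after processing, so the local file stays the raw copy.
upload_logs() {
  rc=0
  for f in "$@"; do
    if supported_log "$f"; then
      "$AWS" s3 cp "$f" "s3://$BUCKET/" || rc=1
    else
      echo "skipped (unsupported format): $f" >&2
      rc=1
    fi
  done
  return "$rc"
}
```

Source the file in a shell, then call set_constant once per parameter and upload_logs with the files to process; upload_logs returns non-zero if any file was skipped or failed to copy.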

Removal

  1. Change into the terraform directory

     cd terraform

  2. Destroy the AWS stack created via Terraform

     terraform destroy
