This repo provides the necessary resources to forward data from the Traceable Platform to a Splunk HTTP Event Collector. The details below will walk you through how to get started.

Prerequisites

install aws cli
install terraform
configure aws aws configure
Splunk HEC Token - https://docs.splunk.com/Documentation/Splunk/8.2.4/Data/UsetheHTTPEventCollector

Build&Deploy

Compile the program

cd aws
make build-zip

This will create a zip file in the: bin/splunk-hec-integration-aws.zip

Configure

Review the aws/variables.tf and change the following config values:

variable "s3_bucket" {
    description = "Name S3 the Bucket to be created to store the code used by the Lambda" type = string
    default = "<CHANGE_ME>"
}

variable "splunk_hec_token" { 
    description = "Splunk HEC TOKEN" type = string
    default = "<CHANGE_ME>"
}

variable "splunk_hec_url" {
    description = "Full Url of Splunk HEC http://localhost:8088/services/collector/event" type = string
    default = "<CHANGE_ME>"
}

Deploy

cd aws 
terraform plan 
terraform apply

This will create the following as aws/variables.tf

Create S3 bucket to store this code(binary program)
Upload the bin/splunk-hec-integration-aws.zip to the s3 bucket
Create a lambda function. it will load the program from s3
Create a cloudwatch log group
IAM Role, Permissions etc for lambda exec
API Gateway, route mapping etc

Configure Traceable

Now that all the components are configured we can create a channel to push notifications in the Traceable UI. First head to the user menu in the top right and click on "Administration" from there click into "Notifications" on the left hand side.

Create a channel, here's where you'll give Traceable an avenue to push notifications. Copy the url of the lambda function from AWS and enter it under the "custom webhook" field as such:

to find the url of the lambda go to the AWS console - Lambda - Functions - Configuration - Triggers

Now the last step is to create a notification. This controls what sort of events you'd like to have pushed to Splunk. Be sure to select the channel you created in the previous step for "Who should recieve this notificaton" as outlined in the screenshot below.