DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations
Building Scalable Real-Time Apps with AstraDB and Vaadin
Register Now

Trending

  • The Role of AI and Programming in the Gaming Industry: A Look Beyond the Tables
  • Writing a Vector Database in a Week in Rust
  • Send Email Using Spring Boot (SMTP Integration)
  • Application Architecture Design Principles

Trending

  • The Role of AI and Programming in the Gaming Industry: A Look Beyond the Tables
  • Writing a Vector Database in a Week in Rust
  • Send Email Using Spring Boot (SMTP Integration)
  • Application Architecture Design Principles
  1. DZone
  2. Data Engineering
  3. Databases
  4. Splunk Logging in Lambda Using Low Code Approach

Splunk Logging in Lambda Using Low Code Approach

In this article we will see how application logs can be sent to Splunk from lambda using Kumologica Splunk node.

Pranav K user avatar by
Pranav K
CORE ·
Jul. 02, 20 · Tutorial
Like (5)
Save
Tweet
Share
10.74K Views

Join the DZone community and get the full member experience.

Join For Free

splunk logging

A centralized logging management solution like Splunk, Datadog, Sumologic, etc. enables organizations to collect, analyze, and display logs through a single pane of glass.

In this article, we will see how application logs can be sent to Splunk from lambda using the Kumologica Splunk node.

Kumologica is a free low-code development tool to build serverless integrations. You can learn more in this medium article.

Use Case

In this use case, we have a mobile app application that consumes a Mobile Channel API. Behind the mobile API, we have an Order FulFilment API. The Mobile API invokes the Order FulFilment API for completing the process. When the mobile app sends the very initial request it has a Tracking id. The Tracking id traverses from the Mobile Channel API to Order FulFilment API and back.

The message passed across both applications needs to be traced based on the Tracking id in Splunk.

log managementPrerequisite

1. Kumologica designer installed in your machine. https://kumologica.com/download.html

2. Splunk cloud Trial account

Implementation

For the above-mentioned use case, we will be creating two API’s, a Mobile Channel API, and an Order FulFilment API.

Order fulfillment API

1. Open the Kumologica designer and Create a New project. And provide the name of the project as OrderFulFilmentService

2. Remove the default hello world flow.

3. Drag and drop EventListener Node from the pallet to the canvas and open the EvenListener node settings and configure the following.

Display Name : POST /order    

Event Source : Amazon API gateway     

Verb : POST     

URL : /order

4. Add Splunk Node from the Logging category.

By default, Splunk Node will not be available as part of the default Logging category.

To install the Splunk node, Go to Add More Nodes Option on the bottom of the pallet and click Install Splunk. Once Installation has completed a restart of the Designer will be required. Open the Splunk Node settings and configure the following.

Plain Text
  




x


 
1 
Display Name: Log_Entry     
2 
Host: hostname of your splunk trial account     
3 
Port: 8088
4 
Message: {“TrackingID” : msg.payload.TxnID,”ServiceName”:”Order_FullFillment”, “Data”: msg.payload }     
5 
Splunk HEC Token: Splunk HTTP Event collector Token



5. Wire the EventListener Node to the Splunk Node.

6. Drag and drop the Datamapper node from the palette to the canvas.

We are using the Datamapper node to mimic the response after an Order processing.

Open the Datamapper settings and configure the following.

Display Name: Order_ProcessResponse

Mapping: 

JSON
  




x


 
1 
{
2 
 “TrackingID” : msg.payload.TxnID,
3 
 “OrderID” : msg.payload.OrderID,
4 
 “Status” : “Processed”
5 
}



If you are not familiar with using the DataMapper node then would recommend going through the following article.

7. Wire the Splunk Node to the DataMapper Node.

8. Add the EventListener End node from the palette to the canvas. Open the settings and configure the following.

Display Name: Success     

Payload: msg.payload

With this, we have completed the development of our Order FulFilment API.

post/order

Now let’s deploy the API as lambda to your AWS account. If you are not familiar with the deployment of a Kumologica flow I would recommend having a walkthrough on the following medium article.

Note: Copy the service URL that you receive on the terminal after a successful deployment.

Mobile Channel API

1. Open the Kumologica designer and Create a New project. And provide the name of the project as MobileChannelAPIService

2. Remove the default hello world flow.

3. Drag and drop EventListener Node from the pallet to the canvas and open the EvenListener node settings and configure the following.

Display Name : POST /mobile

Event Source : Amazon API gateway

Verb : POST

URL : /mobile

4. Add Splunk Node from the Logging category.

By default, Splunk Node will not be available as part of the default Logging category.

To install the Splunk node, Go to Add More Nodes Option on the bottom of the Pallet and click Install Splunk. Once Installation has completed a restart of the Designer will be required. Open the Splunk Node settings and configure the following.

Display Name : Log_Entry     

Host : *hostname of your splunk trial account     

Port : 8088

Message : 

JSON
  




xxxxxxxxxx
1


 
1 
{
2 
 “TrackingID” : msg.payload.TxnID,
3 
 ”ServiceName”:”Mobile_Channel”,
4 
 “Data”: msg.payload
5 
}



Splunk HEC Token : Splunk HTTP Event collector Token

5. Wire the EventListener node to the Splunk Node.

6. Add the HTTP Req node from the web category in the palette to the canvas. Open the settings and configure the following.

Display Name : Invoke_OrderFulFilmentService    

Method : POST     

Url : your order service url. Configure this once

Order FulFilment Service is deployed and you receive the url .

Return : a UTF-8 string     

Response Timeout : 120000ms (default)     

Authentication : None

7. Wire the Splunk Node to the HTTP Req node.

8. Add the EventListener End node from the palette to the canvas. Open the settings and configure the following.

Display Name : Success     

Payload : msg.payload

With this, we have completed the development of our Mobile Channel API.

post/mobile

Now let’s deploy both the services separately as two different Lambda in your AWS account.

Testing

For testing purposes, I am sending the following request as input to the Mobile API.

JSON
  




xxxxxxxxxx
1
33


 
1 
 {
2 
    “OrderID”: “APQ-00001”,
3 
    “TxnID” : “0948939-AWHDH”,
4 
    “Item” : {
5 
    “Name” : “ABC Laptop”,
6 
    “Type” : “Mini-5”,
7 
    “Qty” : 1
8 
    },
9 
    “Address” :{
10 
        “Unit” : “9”,
11 
        “Street” : “TTK Street”,
12 
        “Road” : “Tower Road”,
13 
        “State” : “NSW”,
14 
        “Country” : “Australia”,
15 
        “PIN” : 94839
16 
    }
17 
   }



After you invoke the mobile channel API and when you search in Splunk with the TxnID value as the search parameter.

new searchYou would get the following log entries.

code snippet

If you want to try out this application quickly you can import the Mobile Channel and Order FulFilment API flow from this project’s repo.

Summary

Thanks for reading and I hope you enjoyed this use case and appreciate how simple it is to send Splunk event from lambda using Kumologica. We would love to hear your feedback and don’t hesitate to contact us if you have any questions.

To learn more about Kumologica check out our official documentation at kumologica.com and subscribe to our youtube channel

mobile app API

Opinions expressed by DZone contributors are their own.

Trending

  • The Role of AI and Programming in the Gaming Industry: A Look Beyond the Tables
  • Writing a Vector Database in a Week in Rust
  • Send Email Using Spring Boot (SMTP Integration)
  • Application Architecture Design Principles
Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com

Let's be friends: