AWSTemplateFormatVersion: '2010-09-09' Description: Splunk Logs and Metric Streams Integration Parameters: SplunkAccessToken: Type: String NoEcho: true Description: "Copy your Splunk Observability access token with INGEST authorization scope from Settings > Access Tokens." SplunkIngestUrl: Type: String Description: "Find the real-time data ingest URL in Profile > Account Settings > Endpoints. Note: do NOT include endpoint path here: for instance use https://ingest.us1.signalfx.com instead of https://ingest.us1.signalfx.com/v1/cloudwatch_metric_stream." EnabledRegions: Type: CommaDelimitedList Description: "Enter a comma-delimited list of regions from which you want to collect logs and metric streams. For example: \"us-east-1,eu-central-1,ap-south-1\"." RedactionRule: Type: String Description: "Replace text matching the supplied regular expression with redaction rule replacement." Default: "" RedactionRuleReplacement: Type: String Description: "Replace text matching the redaction rule with the following text." Default: "**REDACTED**" IncludeLogFields: Type: String Description: "If this is set to \"false\", the function will forward only raw log line from the source. If set to \"true\", the function will forward both the raw log line and fields it parsed out from the line. The default value of \"false\" is meant to reduce log volume" Default: "false" Metadata: AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Required Parameters Parameters: - SplunkAccessToken - SplunkIngestUrl - EnabledRegions - Label: default: (Optional) Sensitive data redaction Parameters: - RedactionRule - RedactionRuleReplacement - Label: default: (Optional) Additional fields from S3 log files Parameters: - IncludeLogFields ParameterLabels: SplunkAccessToken: default: "Access token" SplunkIngestUrl: default: "Real-time data ingest endpoint" EnabledRegions: default: "Regions to deploy to" RedactionRule: default: "Redaction rule" RedactionRuleReplacement: default: "Redaction rule replacement" IncludeLogFields: default: "Include log fields" Resources: SplunkAwsLogsCollectorRegionalResources: Type: AWS::CloudFormation::StackSet Properties: StackSetName: SplunkAwsLogsCollectorRegionalResources Description: Create regional resources for Splunk AWS Logs Collector Capabilities: - CAPABILITY_NAMED_IAM PermissionModel: SELF_MANAGED StackInstancesGroup: - DeploymentTargets: Accounts: - !Ref "AWS::AccountId" Regions: !Ref EnabledRegions Parameters: - ParameterKey: SplunkAccessToken ParameterValue: !Ref SplunkAccessToken - ParameterKey: SplunkIngestUrl ParameterValue: !Ref SplunkIngestUrl - ParameterKey: RedactionRule ParameterValue: !Ref RedactionRule - ParameterKey: RedactionRuleReplacement ParameterValue: !Ref RedactionRuleReplacement - ParameterKey: IncludeLogFields ParameterValue: !Ref IncludeLogFields TemplateURL: https://o11y-public.s3.amazonaws.com/aws-cloudformation-templates/release/template_logs_regional.yaml SplunkMetricStreamsRegionalResources: Type: AWS::CloudFormation::StackSet Properties: StackSetName: SplunkMetricStreamsRegionalResources Description: Create regional resources for Splunk integration with CloudWatch Metric Streams Capabilities: - CAPABILITY_NAMED_IAM PermissionModel: SELF_MANAGED StackInstancesGroup: - DeploymentTargets: Accounts: - !Ref "AWS::AccountId" Regions: !Ref EnabledRegions Parameters: - ParameterKey: SplunkAccessToken ParameterValue: !Ref SplunkAccessToken - ParameterKey: SplunkIngestUrl ParameterValue: !Ref SplunkIngestUrl TemplateURL: https://o11y-public.s3.amazonaws.com/aws-cloudformation-templates/release/template_metric_streams_regional.yaml