Thundra: Serverless Observability for AWS Lambda

The black box nature of AWS Lambda and other serverless environments means that identifying and fixing performance issues is difficult and time-consuming. Built for straightforward debugging, monitoring, and observability, Thundra provides deep insight into your entire serverless environment. Thundra collects and correlates all your metrics, logs, and traces, allowing you to quickly identify problematic invocations and also analyzes external services associated with that function. With Thundra’s zero overhead and automated instrumentation capabilities, your developers are free to write code without worrying about bulking up their Lambdas or wasting time on chasing black box problems.

Get Started    Discussions

Installation Guide

In order to see Thundra data on your Splunk instance there are three steps you will need to complete.

Step 1: Get a License Key

In order to run Thundra Integrator for the Splunk AMI, you will need to the Thundra License Key. Please fill the form in this page, and we will contact you with your license key shortly.

Step 2: Install the Thundra Integration for Splunk AMI on your AWS EC2 Instance

Thundra provides an AWS CloudFormation template to easily set up your integration.
Below is the deployment topology created from the CloudFormation template. It includes:

  • The Thundra Receiver App that collects, transforms and aggregates data from the Thundra Lambda agent.
  • The Splunk universal forwarder that sends that data to your Splunk instance.
  • A data volume that temporarily stores the files and data collected from the Thundra agent. This data volume cleanses the Thundra data hourly.

To deploy the Thundra Integration for Splunk AMI:

  • Access AWS CloudFormation console
  • Click Create Stack
  • Select Specify an Amazon S3 template URL and enter on which we host the CloudFormation template.
  • Click Next.
  • Fill out the template:

    1. Enter a Stack Name (Example: thundra-splunk-forwarder)

    2. Optional: Enter an EBS Volume Size (Default: 50GBs. We are cleaning the data written here hourly, so we thought that 50GBs is enough. Please feel free to adjust this size for your expected hourly data volumes.)

    3. Select Enable HTTPS to enable or disable SSL with a self signed certificate

    4. Select the appropriate EC2 KeyPair name to enable SSH access to your EC2 instance

    5. Enter your Splunk Admin password for your Splunk Deployment

    6. Enter the IP address range that your EC2 instance will have SSH access to
    7. Enter optional API Key Prefix and/or API Key values.
      - These API keys are used to update the Thundra agent to send data to the Thundra-Splunk Integrator instead of the Thundra Web Console.
      - Enter API Key Prefix. Any Thundra agents that uses this API key prefix will be allowed to send data to the Thundra-Splunk Integrator.
      - Enter allowed API Keys. Any Thundra agent that uses this explicitly set API key will be able to send data to the Thundra-Splunk Integrator. Enter API Key(s) as a comma separated list.

If you do not provide an API key or API key prefix the Thundra-Splunk Integrator will accept data without any authentication. We highly discourage this approach as it is not considered best practice.

** IMPORTANT**: Record your API key information!

Write down or record your API key prefix or API keys!!! You will need to enter them into the Thundra agent YML file in Step 3 of the setup.

  1. Enter the Thundra license key created from the Thundra Web Console
  2. Enter the port number through which Thundra-Splunk Integrator will receive the Thundra agent data
  3. Select your EC2 instance type

Below is a list of the parameters and value requirements needed to fill out the CloudFormation template:

Parameter Description Values Defaults
EBSVolumeSize Size of the attached EBS volume in GBs Numeric value 50
EnableHTTPs To run Thundra receiver over HTTPS with a self signed certificate, set this parameter to true true/false false
KeyName Keypair name for SSH into EC2 server AWS EC2 KeyPair values in the region Empty
SplunkAdminPassword Admin password for Splunk. 8-32 characters, alphanumeric only Empty
SplunkForwardServer Host name or IP address of Splunk server where data will be forwarded to Valid IPV4 IP address or hostname Empty
SSHLocation The IP address range that is allowed to SSH to the EC2 instances Valid IP range in x.x.x.x/x notation. Use for no restrictions.
ThundraAllowedApiKeyPrefix Prefix of API keys from which the Thundra-Splunk Integrator will receive data. For example, if you set the API key prefix to splunk-agent-key, the Thundra agents that can send data using this prefix include splunk-agent-key-node, splunk-agent-key-java, splunk-agent-key-go, and splunk-agent-key-python ` Alphanumeric value Empty
ThundraAllowedApiKeys Comma (',') separated list of API keys from which the Thundra-Splunk Integrator will receive data. For example, splunk-agent-key-java,splunk-agent-key-node,splunk-agent-key-go,splunk-agent-key-python Alphanumeric value Empty
ThundraLicenseKey License key for the Thundra-Splunk Integrator can be generated from Thundra Web Console. Alphanumeric value Empty
ThundraReceiverPort Port number for Thundra-Splunk Integrator to receive data over HTTP/HTTPS Numeric value between 1024 and 65536 8080
ThundraReceiverCIDR The IP address range that is allowed to send data the Thundra Receiver Must be a valid IP CIDR range of the form x.x.x.x/x.
InstanceType EC2 instance type Supported AWS EC2 instance types d2.xlarge
  • When you are finished filling out the template, click Next

While it is best practice to set tags for your EC2 instance, you are not required to do so to set up this Thundra-Splunk Integration. These options are specific to CloudFormation. For a detailed explanation see the AWS CloudFormation docs:

  • Click Next to move into the Review screen.

  • On the Review screen, review your stack details. When ready, click Create on the lower right corner of the screen to deploy your stack.

Step 3: Configure Thundra Lambda Agents to Send Data to the Thundra-Splunk Integrator

Now that the stack creation is complete, you need to send data to the Thundra-Splunk Integrator by updating your publish base URL and API key.

  • If this is your first time using Thundra, you will also need to set up the Thundra agents. Otherwise, if you are already have using Thundra with the web console, these steps will re-direct data to the Thundra-Splunk Integrator instead of the Thundra Web Console

Set up your Thundra agents if this is your first time using Thundra

If you haven't already set up Thundra agents for your Lambda functions, you will need to go through the installation instructions for Java, Python, Node.js, or Golang.

Find the endpoint URL for your Thundra-Splunk Integrator in the Output tab of your CloudFormation stack.

The format should be: <URLofYourThundraSplunkIntegratorInstance>/api.

Now, navigate to your Thundra Lambda environment variable configuration and change the API key and publish base URL.

Update thundra_apiKey values that you entered during the CloudFormations template set up and thundra_agent_lambda_report_rest_baseUrl that you obtained from the Output tab in the CloudFormation stack.

Then click Save in the upper right corner of your Thundra Lambda environment variable configuration.

You are now set up for Thundra-Splunk integration!

After successfully deploying the Thundra-Splunk Integrator CloudFormation stack, an EC2 instance will be launched with name Thundra Splunk Receiver & Forwarder.

After redeploying your Thundra Lambda with these modifications, you will be able to see the Lambda data in your Thundra Serverless Observability for Splunk App or your custom Splunk visualizer app within approximately 5 minutes. Please visit Splunk Application doc to learn more about how to use the visualization application.

Restarting `Thundra Splunk Receiver & Forwarder`

If you stop the EC2 instance and restart it at some point, you will need to manually start the server again. Refer to the following section for steps on how to do it. Moreover, DNS server address can also change, so make sure you update thundra_lambda_publish_rest_baseUrl in this case with the new address.

How to Manually Start and Stop the Thundra-Splunk Integrator

To manually start and stop your Thundra-Splunk Integrator instance :

  1. SSH into your EC2 instance with the KeyPair you entered into the CloudFormation template
  2. Go to /opt folder
  3. To start your instance: Run as root
  4. To stop your instance: Run as root

Installation Guide

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.