Note: Be careful when sending data from AWS to an on-premises Splunk Enterprise instance. Sending large amounts of data "out" of AWS may result in excessive egress cost and latency.
A Lambda function contains code, dependencies, and configuration information. Configuration includes information like the handler that will receive the event, the AWS Identity and Access Management (IAM) role that AWS Lambda can use to execute the Lambda function, the compute resource that should be allocated, and an execution timeout. For general information about AWS Lambda, see https://aws.amazon.com/lambda.
AWS Lambda can receive event data from Amazon Kinesis, Amazon DynamoDB, Amazon S3, and other Amazon services, and then send it on to HEC. You can collect the data using HEC in Splunk Cloud, which also runs on AWS, or in Splunk Enterprise on-premises.
Note: As in Splunk Enterprise, HTTP Event Collector is disabled by default in Splunk Cloud. If you will be using HEC to get data into Splunk Cloud, you will need to enable the feature first. Managed Splunk Cloud customers must open a ticket with Splunk Support to enable HEC.
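The Kinesis-to-HEC flow described above, as an added Python example (not Splunk's own Lambda code): the handler decodes each Kinesis record, batches the records into one HEC request body, and posts it over certificate-verified TLS. The environment variable names `SPLUNK_HEC_URL` and `SPLUNK_HEC_TOKEN`, the `aws:kinesis` sourcetype, and the sample event are assumptions made for this illustration.

```python
import base64
import json
import os
import ssl
import urllib.request


def kinesis_to_hec_payload(event, sourcetype="aws:kinesis"):
    """Turn a Kinesis-triggered Lambda event into one batched HEC request body."""
    chunks = []
    for record in event.get("Records", []):
        kin = record["kinesis"]
        raw = base64.b64decode(kin["data"]).decode("utf-8", errors="replace")
        chunks.append(json.dumps({
            "time": kin["approximateArrivalTimestamp"],  # epoch seconds
            "source": record.get("eventSourceARN", "unknown"),
            "sourcetype": sourcetype,  # assumed value, pick your own
            "event": raw,
        }))
    # HEC accepts several event objects concatenated in one POST body.
    return "\n".join(chunks).encode("utf-8")


def handler(event, context):
    """Lambda entry point: forward the batch to HEC, keeping the token out of code."""
    body = kinesis_to_hec_payload(event)
    if not body:
        return {"sent": 0}
    req = urllib.request.Request(
        os.environ["SPLUNK_HEC_URL"],  # assumed: https://<hec-host>:<port>/services/collector/event
        data=body,
        headers={"Authorization": "Splunk " + os.environ["SPLUNK_HEC_TOKEN"]},
        method="POST",
    )
    ctx = ssl.create_default_context()  # verifies server certificate and hostname
    with urllib.request.urlopen(req, timeout=5, context=ctx) as resp:
        if resp.status != 200:
            raise RuntimeError("HEC returned HTTP %d" % resp.status)
    return {"sent": len(event["Records"])}


# Constructed sample event in the shape Lambda delivers for a Kinesis trigger.
SAMPLE_EVENT = {"Records": [{
    "eventSourceARN": "arn:aws:kinesis:us-east-1:111122223333:stream/example",
    "kinesis": {
        "approximateArrivalTimestamp": 1700000000.0,
        "data": base64.b64encode(b'{"user":"alice","action":"login"}').decode(),
    },
}]}
```

The HEC token is read from the function's environment at invocation time, so it can be supplied through the Lambda configuration rather than committed with the code.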
The next several topics discuss creating your own Lambda functions: