Skip to main content


Splunk Lantern

Critical AWS Lambda metrics

You might want to view and alert on critical AWS Lambda metrics when doing the following:


In order to execute this procedure in your environment, the following data, services, or apps are required:


Lambda functions may be an integral part of the correct operation of cloud native applications. Failures, throttles, or slow execution of Lambda functions could result in problems for upstream users or applications. You need to alert on these conditions.

To optimize the search shown below, you should specify a time range.

  1. Ensure that your deployment is ingesting AWS data through one of the following methods:
    • Pulling the data from Splunk via AWS APIs. At small scale, pull via the AWS APIs will work fine.
    • Pushing the data from AWS into Splunk via Lambda/Firehose to Splunk HTTP event collector. As the size and scale of either your AWS accounts or the amount of data to be collected grows, pushing data from AWS into Splunk is the easier and more scalable method.
  2. Run the following search: 
index="<AWS index name>" metric_dimensions="FunctionName=*" 
| table _time metric_dimensions metric_name Average Unit

Search explanation

The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.

Splunk Search Explanation
index="<AWS index name>" Search the index(s) where AWS data is stored.
metric_dimensions="FunctionName=*" Filter the results down to only Lambda function metrics.
sourcetype="aws:cloudwatch" Filter the results to only the AWS CloudWatch data.
| table _time metric_dimensions metric_name Average Unit Display the results in a table with columns in the order shown.


Use these results to gain visibility into the health and performance of all Lambda functions deployed across your AWS infrastructure and take appropriate action.