https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-HEC-AWS-VPC-Flow-Logs-Timeout/m-p/470335#M57799 <P>One of the alternatives to ingest AWS VPC Flow Logs into Splunk is with NetFlow Optimizer (NFO). There are additional benefits that can be achieved by using NFO: data consolidation and enrichment (EC2 instances names, regions, etc.) </P> <P>Here is the link to learn more <A href="https://bit.ly/2w5Pa5L">https://bit.ly/2w5Pa5L</A></P> <P>Should you have any questions, please don’t hesitate to reach out and we’ll be happy to help you.</P> Wed, 01 Apr 2020 19:01:41 GMT NetFlow_Logic 2020-04-01T19:01:41Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-HEC-AWS-VPC-Flow-Logs-Timeout/m-p/470333#M57797 <P>Hi,</P> <P>I've been trying, unsuccessfully, to configure a Splunk HEC endpoint to consume AWS VPC Flow Logs via Firehose. </P> <P>Having slowly worked through various errors, including HEC acknowledgement being disabled, SSL certificates issues, I thought I had beaten the last of them. However, I am now getting a rather unhelpful error in my Firehose failed events log as follows:</P> <P>"attemptsMade":34,"arrivalTimestamp":1567429559545,"errorCode":"Splunk.ConnectionTimeout","errorMessage":"The connection to Splunk timed out. This might be a transient error and the request will be retried. Kinesis Firehose backs up the data to Amazon S3 if all retries fail."</P> <P>Having had previous errors stating that the HEC indexer acknowledgement was disabled, and that ELB stickiness was not enabled, I'm fairly certain I am getting traffic to and from my Splunk instances. So I am not sure now why this is timing out. Is there any way to understand what is causing this? HEC Acknowledgement timeout is set to 600 seconds, so I don't believe it is this (plus that has its own error and corresponding code). </P> <P>Any help gratefully received as I've been through all the documentation I can find, and am now stumped!</P> Mon, 02 Sep 2019 14:28:29 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-HEC-AWS-VPC-Flow-Logs-Timeout/m-p/470333#M57797 andycohen 2019-09-02T14:28:29Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-HEC-AWS-VPC-Flow-Logs-Timeout/m-p/470334#M57798 <P>I built an app to help troubleshoot firehose issues : <A href="https://github.com/amiracle/kinesis_data_firehose_helper" target="_blank">https://github.com/amiracle/kinesis_data_firehose_helper</A> (It will be on splunkbase soon once it gets vetted.) You can use this to help troubleshoot some of the issues and make sure your setup is correct and able to send data into HEC. </P> Wed, 30 Sep 2020 04:48:41 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-HEC-AWS-VPC-Flow-Logs-Timeout/m-p/470334#M57798 amiracle 2020-09-30T04:48:41Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-HEC-AWS-VPC-Flow-Logs-Timeout/m-p/470335#M57799 <P>One of the alternatives to ingest AWS VPC Flow Logs into Splunk is with NetFlow Optimizer (NFO). There are additional benefits that can be achieved by using NFO: data consolidation and enrichment (EC2 instances names, regions, etc.) </P> <P>Here is the link to learn more <A href="https://bit.ly/2w5Pa5L">https://bit.ly/2w5Pa5L</A></P> <P>Should you have any questions, please don’t hesitate to reach out and we’ll be happy to help you.</P> Wed, 01 Apr 2020 19:01:41 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Splunk-HEC-AWS-VPC-Flow-Logs-Timeout/m-p/470335#M57799 NetFlow_Logic 2020-04-01T19:01:41Z