All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

AWS App for Splunk - ec2 dashboards not populating

mfg36
New Member
‎10-01-2021 05:58 AM

Been trying to get the AWS app working and the ec2 dashboards are not working... I have traced it down to it looking like every search is just plain wrong...  as an example:

`aws-description-sourcetype` $accountId$ $region$ source="*:$resource$" | eventstats latest(_time) as latest_time | eval latest_time=relative_time(latest_time,"-55m") | where _time > latest_time | dedup id sortby -start_time

The problem is at `dedup id sortby -start_time`.  There is no "id" field on the data... there is however "InstanceId".  It is a similar situation for every dashboard that is not populating which leads me to believe there is a job somewhere that is not running or I am missing some very fundamental thing.  Any help would be greatly appreciated... Thanks!

Labels (2)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...