All Apps and Add-ons

AWS Splunk add-on - Billing Data Input

Stokers_23
Explorer

Hi

I'm trying to setup a simple input to ingest our AWS billing data into Splunk. Our AWS billing data is stored in an S3 bucket in our parent AWS account, the Splunk HF and indexer are in another 'non prod' account which we access via switch roles.

In order to pull the data into Splunk I have configured a role in the parent account and allowed the EC2 role applied to the Splunk instance, permissions to assume it. However when I configure the Input via the AWS add on I get the following error when it tries to return a list of buckets ' Error in processing the request'

I've tested calling the sts:assumerole operation from the splunk server and I can access the bucket with no problems. So i'm reasonably confident it's not connectivity or permissions. I also can't seem to find any kind of logs to provide further detail on what the issue is - I have checked

var/log/splunk/splunk_ta_aws_aws_billing_cur_AwsBilling.log . (i've also tried setting the logging level to ERROR and DEBUG
var/log/splunk/splunkd.log

However I can't find any errors at all, can anyone advise how we might debug this further?

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...