All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can you install the AWS ELB app on Splunk Enterprise or Cloud?

khourihan_splun
Splunk Employee
Splunk Employee
‎05-09-2014 03:52 PM

Can this app be installed on Cloud or Enterprise?

Reply
1 Solution
Solved! Jump to solution
Solution

khourihan_splun
Splunk Employee
Splunk Employee
‎05-09-2014 04:02 PM

No, the app will not work as expected in Splunk Cloud or Enterprise. Its written for Hunk, and will throw this error:

Error in 'ResultProvider': Permission denied. License does not allow execution of searches for virtual_index=elb, provider_family=hadoop

I did spend some time today re-working it to run on Splunk Cloud / Enterprise. In it, I have removed the inputs.conf and changed the sourcetype to be elb, not aws_elb.

This app assumes you have your s3: input working somehow and putting in the data as sourcetype=elb

You can get the modded version of it here.

I did talk to the creator of the ELB Hunk app, Dritan, and he said this:

the app remains Hunk only because we
don¹t have an [official] S3 input yet.
In fact, when we do, there are
optimizations that [will be made].

View solution in original post

Reply
Solved! Jump to solution

jimdoplatform
Engager
‎10-16-2015 03:23 AM

Still not possible?

Reply
Solved! Jump to solution
Solution

khourihan_splun
Splunk Employee
Splunk Employee
‎05-09-2014 04:02 PM

No, the app will not work as expected in Splunk Cloud or Enterprise. Its written for Hunk, and will throw this error:

Error in 'ResultProvider': Permission denied. License does not allow execution of searches for virtual_index=elb, provider_family=hadoop

I did spend some time today re-working it to run on Splunk Cloud / Enterprise. In it, I have removed the inputs.conf and changed the sourcetype to be elb, not aws_elb.

This app assumes you have your s3: input working somehow and putting in the data as sourcetype=elb

You can get the modded version of it here.

I did talk to the creator of the ELB Hunk app, Dritan, and he said this:

the app remains Hunk only because we
don¹t have an [official] S3 input yet.
In fact, when we do, there are
optimizations that [will be made].

Reply
Solved! Jump to solution

kaufmanm
Communicator
‎05-22-2014 08:32 AM

This is great, I was thinking about going through and doing the same thing, thanks for sharing.

0 Karma
Reply
Get Updates on the Splunk Community!

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...