All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do you get aws:cloudwatch working in the Splunk AWS App?

jamin358
Explorer
‎04-24-2018 03:25 AM

I've been trying to get the Splunk App for AWS working by following the Splunk docs but I cannot get any of the Cloudwatch data to be ingested. I'm receiving aws:cloudtrail, aws:description, aws:billing and aws:config just fine so I must be doing something right?

  • I've checked my permissions so that in my aws policy, I have permissions for everything that the aws app needs - following http://docs.splunk.com/Documentation/AWS/5.0.2/Installation/ConfigureyourAWSpermissions.
  • In my AWS add-on, I have in my inputs a cloudwatch input type with the correct account and role with the above permissions.
  • In AWS, I have also ticked the "Receive Billing Alerts" button in the Billing Management Preferences Page.

This help page - http://docs.splunk.com/Documentation/AWS/5.0.2/Installation/ConfigureyourAWSservices - says that there is no further configuration for the cloudwatch data to be ingested by Splunk, so I am clearly missing something. Any advice would be greatly appreciated.

Thanks in advance

0 Karma
Reply

stefanhutchison
Explorer
‎05-11-2018 01:58 AM

Have you looked in your internal logs for any messages from the app while it is doing the cloudwatch pull? They are quite informative.

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...