All Apps and Add-ons

How do you get aws:cloudwatch working in the Splunk AWS App?

jamin358
Explorer

I've been trying to get the Splunk App for AWS working by following the Splunk docs but I cannot get any of the Cloudwatch data to be ingested. I'm receiving aws:cloudtrail, aws:description, aws:billing and aws:config just fine so I must be doing something right?

  • I've checked my permissions so that in my aws policy, I have permissions for everything that the aws app needs - following http://docs.splunk.com/Documentation/AWS/5.0.2/Installation/ConfigureyourAWSpermissions.
  • In my AWS add-on, I have in my inputs a cloudwatch input type with the correct account and role with the above permissions.
  • In AWS, I have also ticked the "Receive Billing Alerts" button in the Billing Management Preferences Page.

This help page - http://docs.splunk.com/Documentation/AWS/5.0.2/Installation/ConfigureyourAWSservices - says that there is no further configuration for the cloudwatch data to be ingested by Splunk, so I am clearly missing something. Any advice would be greatly appreciated.

Thanks in advance

0 Karma

stefanhutchison
Explorer

Have you looked in your internal logs for any messages from the app while it is doing the cloudwatch pull? They are quite informative.

0 Karma
Get Updates on the Splunk Community!

Splunk Smartness with Brandon Sternfield | Episode 3

Hello and welcome to another episode of "Splunk Smartness," the interview series where we explore the power of ...

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...