All Apps and Add-ons

How do you get aws:cloudwatch working in the Splunk AWS App?

jamin358
Explorer

I've been trying to get the Splunk App for AWS working by following the Splunk docs but I cannot get any of the Cloudwatch data to be ingested. I'm receiving aws:cloudtrail, aws:description, aws:billing and aws:config just fine so I must be doing something right?

  • I've checked my permissions so that in my aws policy, I have permissions for everything that the aws app needs - following http://docs.splunk.com/Documentation/AWS/5.0.2/Installation/ConfigureyourAWSpermissions.
  • In my AWS add-on, I have in my inputs a cloudwatch input type with the correct account and role with the above permissions.
  • In AWS, I have also ticked the "Receive Billing Alerts" button in the Billing Management Preferences Page.

This help page - http://docs.splunk.com/Documentation/AWS/5.0.2/Installation/ConfigureyourAWSservices - says that there is no further configuration for the cloudwatch data to be ingested by Splunk, so I am clearly missing something. Any advice would be greatly appreciated.

Thanks in advance

0 Karma

stefanhutchison
Explorer

Have you looked in your internal logs for any messages from the app while it is doing the cloudwatch pull? They are quite informative.

0 Karma
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...