All Apps and Add-ons

How to poll messages from AWS SQS to Splunk?

abovebeyond
Communicator

Hi, one of our services is sending messages to AWS SQS , how can i poll them to Splunk?

Thanks

Tags (1)
0 Karma
1 Solution

bmacias84
Champion

Hello,

Try AWS SQS Poller. Its an app I built which I currently use in production.

View solution in original post

0 Karma

bmacias84
Champion

Hello,

Try AWS SQS Poller. Its an app I built which I currently use in production.

0 Karma

abovebeyond
Communicator

Thanks , SQS Poller is better !

0 Karma

hchinta
Explorer

@bmacias84- SQS Poller app stopped working after the upgrade of Splunk to 6.6.5

ERROR ExecProcessor - message from "/opt/splunk/etc/apps/sqs_poller/bin/sqs_poller.sh" Modular input Invalid arguments to modular input script: /opt/splunk/bin/node,/opt/splunk/etc/apps/sqs_poller/bin/app/sqs_poller.js

0 Karma

bmacias84
Champion

This Add-on has been superseded by AWS Add-on created by Splunk since they add this functionality. AWS SQS Poller latest version compatibility is 6.3.x.

0 Karma

hchinta
Explorer

ok Thanks!

0 Karma

javiergn
Super Champion

Hi,

Take a look at this: http://docs.splunk.com/Documentation/AddOns/latest/AWS/ConfigureAWS

Configure AWS Config

The Splunk Add-on for AWS collects events from a Simple Queue Service (SQS) that subscribes to the Simple Notification Service (SNS) notification events from AWS Config. Configure AWS Config to produce these notifications, then create the SQS for the app to access them.

1. Enable Config by following the AWS Config setup guide: http://docs.aws.amazon.com/config/latest/developerguide/setting-up.html.

2. Follow the AWS Config Getting Started guide (http://docs.aws.amazon.com/config/latest/developerguide/getting-started.html) to specify an S3 bucket to save the data and an SNS topic to stream Config notifications to. Do not use an existing bucket or SNS. Following the AWS Config setup allows AWS to automatically create the IAM role for AWS config so that it has the necessary permissions for the bucket and SNS.

Note: Do not use periods in your S3 bucket name. Using periods in bucket names causes an AWS certificate validation issue. For more information, see http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html.

3. Finish the setup steps in the AWS Config Getting Started guide and verify that you have successfully completed the setup process. If you used the AWS console, you should see the Resource Lookup page. If you use the CLI, you can follow this verification guide: http://docs.aws.amazon.com/config/latest/developerguide/gs-cli-verify-subscribe.html.

4. Create a new SQS.

5. Subscribe the SQS exclusively to the the SNS Topic that you created in Step 2.

6. Grant IAM permissions to access the S3 bucket and SQS to the AWS account that the app uses to connect to your AWS environment. See "Configure AWS permissions" for details. 
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...