All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to reingest missing Cloudwatch Input Logs

sharte
Explorer
‎09-04-2019 05:54 AM

Apologies if already asked but I was unable to find something, So it was noticed this morning that one of our aws:cloudwatch inputs on Splunk Add on for Aws 4.60 had stopped forwarding logs since the 21st of August, once the input was recreated it started pulling the fresh logs from that moment on wards.

I am looking to ingest the missing 15 days or so of data but am unable to identify how to achieve this.

Any help is much appreciated.
I have tried setting a new input with the setting:
query_window_size = 20160 but I am not seeing any success from this,

Current Application: Splunk Add-on for AWS
App Version
4.6.0
App Build
8
Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

KranthiGhanta
Engager
‎10-30-2019 03:36 PM

Hi @sharte,

If you are having a cloudwatch log group for your data, it can be easy, you can use this method here https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/S3ExportTasksConsole.html and from S3 bucket , you can grab the data into splunk using AWS-Addon app

hope it could help you,

View solution in original post

Reply
Solved! Jump to solution
Solution

KranthiGhanta
Engager
‎10-30-2019 03:36 PM

Hi @sharte,

If you are having a cloudwatch log group for your data, it can be easy, you can use this method here https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/S3ExportTasksConsole.html and from S3 bucket , you can grab the data into splunk using AWS-Addon app

hope it could help you,

Reply
Solved! Jump to solution

sharte
Explorer
‎11-08-2019 04:50 AM

Thanks for your suggestion, unfortunately it didn't help in the original case, as our cloudwatch data was that was missing had aged out, but I have made use since with another issue.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...