All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to troubleshoot why Splunk App for AWS topology is not being populated?

mhspence_sbx
Explorer
‎11-12-2015 11:32 AM

I am testing the Splunk App for AWS. Within my development account I have some VPCs deployed in the us-east and some in us-west-2 (oregon). For some reason the topology from the us-west-2 is not being populated. I'm not sure where to go to try and troubleshoot. The AWS Config service setup looks identical between the two regions.

Looking for suggestions...

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mhspence_sbx
Explorer
‎11-13-2015 04:07 AM

Perhaps it was just a timing issue. The topology has now correctly populated. Thanks!

View solution in original post

Reply
Solved! Jump to solution

fshao_splunk
Splunk Employee
Splunk Employee
‎11-25-2015 07:49 PM

Hi,

The savedsearch in AWS App is non-scheduled at first place (which is a practice we need to follow). And you can enable it by any modifications of "AWS Config" on configuration page, then, the topology data will be generated by schedule automatically. It will run every 20 minutes.

Besides, you can also manually run the "Config: Topology Data Generator" search in the Splunk app for AWS entry in "searchs, reports and alerts".

For more information about it, please refer to http://docs.splunk.com/Documentation/AWS/4.0.0/Installation/Config

Thanks!

0 Karma
Reply
Solved! Jump to solution

ikanski
Engager
‎11-16-2015 09:22 PM

I also ran into an issue with the topology not populating. The fix was that I had to run the "Config: Topology Data Generator" in the Splunk app for AWS entry in "searchs, reports and alerts". Apparently it was defaulting to "smart mode" and returning no results. Running it with "verbose mode" returned results and was then populating some of the correct data in the topology tab.

Reply
Solved! Jump to solution
Solution

mhspence_sbx
Explorer
‎11-13-2015 04:07 AM

Perhaps it was just a timing issue. The topology has now correctly populated. Thanks!

Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-12-2015 12:24 PM

Are you using the identical account name? The documentation says "You can only configure one VPC Flow Logs input per AWS Account Access Key ID, which you select by its corresponding friendly name. You can configure multiple VPC Flow Logs inputs for the same AWS environment, provided each one is created with a different account friendly name."

0 Karma
Reply
Solved! Jump to solution

mhspence_sbx
Explorer
‎11-12-2015 12:39 PM

Thanks for your reply. The issue I'm having is with the Topology which comes out of the AWS Config service. I am correctly getting the VPC flow logs from both regions.

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎11-12-2015 12:45 PM

My apologies! I am not very familiar with the app, so just looking at the docs to see if there would be some help there. There is some troubleshooting information in the Topology dashboard reference topic, have you done the manual search to confirm that you are getting all the data?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...