Re: Is it possible to send aws logs to non-aws Spl...

wtl1 · ‎03-08-2018

We are using AWS and looking into sending our aws logs to an on-prem splunk server as opposed to spinning up a splunk aws instance and sending them there. Is it possible to send them to a splunk server not in aws? or is this capability currently there?

amiracle · ‎03-26-2018

Yes, you can install the Splunk Add-on for AWS on an on-prem server and have it pull the data down from AWS and then forward it to your indexers. You will only need an AWS account with programatic access along with the Access and Secret keys.

deepashri_123 · ‎03-08-2018

Hey wtl1,

For Splunk AWS add-on you can refer the document below:
http://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements.
http://docs.splunk.com/Documentation/AddOns/released/AWS/ConfigureAWSpermissions.

Let me know if this helps!!

wtl1 · ‎03-08-2018

I saw those articles before. But are for standing up an Splunk instance in AWS. I was looking at seeing we could use our current splunk server, which would not be in AWS.

tmak · ‎03-11-2018

Yes you can. Depending on which connection to your AWS VPC is (DirectConnect or VPN) or if you don't have connection at all your approaches would be different.
If you don't have DX or VPN connection then using HEC is your best option, otherwise forwarder ought to work just fine. One thing to take into consideration is the data egress charges.

deepashri_123 · ‎03-08-2018

Yes you can do that.You need to create a Splunk IAM role on AWS for that and add this IAM role on the server where you install the add-on.

Is it possible to send aws logs to non-aws Splunk server

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?