No "AWS:ELB:AccessLogs" sourcetype in splunk

eliutr
New Member

Hi, I can't seem to find the sourcetype "aws:elb:accesslogs" in Splunk even though I installed the "Splunk Add-On for AWS" plugin. The version is 4.5.0.

0 Karma

tiagofbmm
Influencer

Have you configured your account and access logs input maybe via an S3 to SQS based input?

0 Karma

eliutr
New Member

I have, yes. I've already set up the inputs as described in the documentation. The problem is I can't seem to find the logs anywhere in the index I set or anywhere in Splunk.

0 Karma

sharte
Explorer

1. Did you set up the input as an SQS input or generic S3/etc.?
2. Are you sure the ELB is a classic ELB or an ALB?
   (sourcetype=aws:alb:accesslogs -> will have to be typed into the sourcetype field as it is not auto-populated)
3. Check that your Splunk user credentials allow you to pull the logs (IAM user on AWS).
4.

0 Karma