No "AWS:ELB:AccessLogs" sourcetype in Splunk

New Member

Hi, I can't seem to find the sourcetype "aws:elb:accesslogs" in Splunk even though I installed the "Splunk Add-On for AWS" plugin. The version is 4.5.0.

0 Karma

Influencer

Have you configured your account and access logs input maybe via an S3 to SQS based input?

0 Karma

New Member

I have, yes. I've already set up the inputs as described in the documentation. The problem is I can't seem to find the logs anywhere in the index I set or anywhere in Splunk.

0 Karma

Explorer

1. Did you set up the input as an SQS input or generic S3, etc.?
2. Are you sure the ELB is a classic ELB or an ALB?
(sourcetype=aws:alb:accesslogs -> will have to be typed into the sourcetype field as it is not auto-populated)
3. Check that your Splunk user credentials allow you to pull the logs (IAM user on AWS).
4.

0 Karma
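
Added example, not part of the thread and not code from Splunk or AWS: a quick way to settle point 2 above is to pull one access-log object from the bucket and look at how its lines start, since ALB entries begin with a connection type before the timestamp while classic ELB entries begin with the timestamp. The function names and the sample lines are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Connection types that open an Application Load Balancer log entry.
ALB_TYPES = {"http", "https", "h2", "grpcs", "ws", "wss"}


def _is_iso_timestamp(field):
    """True if the field looks like 2015-05-13T23:39:43.945958Z."""
    try:
        datetime.strptime(field, "%Y-%m-%dT%H:%M:%S.%fZ")
        return True
    except ValueError:
        return False


def suggest_sourcetype(line):
    """Return the add-on sourcetype matching one access-log line, or None."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        return None
    if fields[0] in ALB_TYPES and _is_iso_timestamp(fields[1]):
        return "aws:alb:accesslogs"
    if _is_iso_timestamp(fields[0]):
        return "aws:elb:accesslogs"
    return None  # not an ELB/ALB access log (or a format not handled here)


def classify_sample(lines):
    """Tally suggested sourcetypes over a sample; skips blank lines."""
    return Counter(suggest_sourcetype(l) for l in lines if l.strip())


# Constructed sample lines (addresses from documentation ranges).
CLASSIC = ('2015-05-13T23:39:43.945958Z my-loadbalancer 192.0.2.10:2817 '
           '10.0.0.1:80 0.000073 0.001048 0.000057 200 200 0 29 '
           '"GET http://www.example.com:80/ HTTP/1.1" "curl/7.38.0" - -')
ALB = ('http 2018-07-02T22:23:00.186641Z app/my-loadbalancer/0123456789abcdef '
       '192.0.2.10:2817 10.0.0.1:80 0.000 0.001 0.000 200 200 34 366 '
       '"GET http://www.example.com:80/ HTTP/1.1" "curl/7.46.0" - -')

if __name__ == "__main__":
    for sample in (CLASSIC, ALB, "not a load balancer log line"):
        print(suggest_sourcetype(sample), "<-", sample[:40])
```

If the tally comes back as aws:alb:accesslogs, the input needs that sourcetype typed in by hand, as noted in the reply above.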