All Apps and Add-ons

Pull Logs from AWS CloudWatch to On-Prem Splunk Environment - using Splunk AWS App

Observer

Hello ,

We have Splunk Enterprise server on and installed the Splunk App for AWS and Splunk Add-on for AWS.

Configure AWS account details in Splunk configurations with required IAM roles and permissions but not able to pull the Cloud Watch Logs into on-premises Splunk server.

Please refer the below snaps for same.

Splunk1.JPGSplunk2.JPG

 

Tried same by installing the Splunk on AWS EC2 and Assign the role to EC2 instance and working fine.
Can you please help on this? I have searched on the internet regarding the same but not not the concrete solution for this.

I will appreciate your help.

Thank You
Suraj Shinde

Labels (2)
0 Karma

Observer

Can you help me to find the logs from Splunk server. Where is located?

0 Karma

Champion

Did you see any errors when input from add-on is running?

————————————
If this helps, give a like below.
0 Karma

Observer

Hi
I am not able to see any error messages on from UI.

Getting below warning message

Some panels may not be displayed correctly because the following inputs have not been configured: Description, CloudWatch.
Or, the saved search "Addon Metadata - Summarize AWS Inputs" is not enabled on Add-on instance

But I have configured the Inputs for description and CloudWatch

0 Karma