Pull Logs from AWS CloudWatch to On-Prem Splunk En...

surajdevops18 · ‎09-25-2020

Hello ,

We have Splunk Enterprise server on and installed the Splunk App for AWS and Splunk Add-on for AWS.

Configure AWS account details in Splunk configurations with required IAM roles and permissions but not able to pull the Cloud Watch Logs into on-premises Splunk server.

Please refer the below snaps for same.

Tried same by installing the Splunk on AWS EC2 and Assign the role to EC2 instance and working fine.
Can you please help on this? I have searched on the internet regarding the same but not not the concrete solution for this.

I will appreciate your help.

Thank You
Suraj Shinde

surajdevops18 · ‎09-25-2020

Can you help me to find the logs from Splunk server. Where is located?

thambisetty · ‎09-25-2020

Did you see any errors when input from add-on is running?

————————————
If this helps, give a like below.

surajdevops18 · ‎09-25-2020

Hi
I am not able to see any error messages on from UI.

Getting below warning message

Some panels may not be displayed correctly because the following inputs have not been configured: Description, CloudWatch.
Or, the saved search "Addon Metadata - Summarize AWS Inputs" is not enabled on Add-on instance

But I have configured the Inputs for description and CloudWatch

Pull Logs from AWS CloudWatch to On-Prem Splunk Environment - using Splunk AWS App

configuration

installation

Index This | How many sides does a circle have?

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?