All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk AWS App - Instance Usage Info Not Showing Up

dpatnam
Path Finder
‎04-16-2014 12:17 PM

Hello,

I configured the Splunk AWS App. After some trial and error I am able to get the Cloud-trail logs and also the Billing info to show up. However the instance usage, the ebs volume and the ebs snapshot sections are empty. Is there any additional configuration that's needed on the app to get these sections to show up? I am also wondering if there is a way to specify a particular billing CSV file to load from the billing S3 bucket. Any help on these questions would be greatly appreciated.

Thank you.

0 Karma
Reply

grinabms
Explorer
‎05-05-2014 08:30 AM

For the instance, volume, and EBS usage, the app writes logs into $SPLUNK_HOME/etc/apps/SplunkAppforAWS/log.

Take a look to see if you have any log data in opstmp.txt, final22.txt, ci1.txt, and ebs1.txt. These files are overwritten every time the scripts run. When the scripts are running correctly, here is a sample of the file contents:

opstmp.txt:
05-05-2014 14:29:00 +0000 subaccount=pete region=us-east-1d instanceid=i-12341234
instancetype=m1.small cpuutilization=0 networkin=118 networkout=142
05-05-2014 14:28:00 +0000 subaccount=pete region=us-east-1d instanceid=i-12341234
instancetype=m1.small cpuutilization=0 networkin=42 networkout=28

ebs1.txt:
05-05-2014 14:36:24 +0000 subaccountid=123412341234 region=us-east-1 start_time=2014-01-15T13:11:29.000Z snap_id=snap-12341234 size=35 vol_snapshot_id=vol-12341234 snap_tags=[Name=hpwin-root] stype=S
05-05-2014 14:36:24 +0000 subaccountid=123412341234 region=us-east-1 start_time=2014-03-17T18:49:04.000Z snap_id=snap-12341234 size=8 vol_snapshot_id=vol-12341234 snap_tags=[None] stype=S

ci1.txt:
05-05-2014 14:36:24 +0000 instancetype=m3.medium region=us-east-1b subaccount=pete instanceid=i-12341234 tags=[Name=webtest] uptimedays=60
05-05-2014 14:36:24 +0000 instancetype=m1.medium region=us-east-1b subaccount=pete instanceid=i-12341234 tags=[Name=abc abc-test=DC1] uptimedays=62

final22.txt:
05-05-2014 14:36:24 +0000 instancetype=m3.medium region=us-east-1b subaccount=pete instanceid=i-12341234 tags=[Name=testutm] uptimedays=6 spot=N running=Y reserved=N
05-05-2014 14:36:24 +0000 instancetype=m1.small region=us-east-1d subaccount=pete instanceid=i-12341234 tags=[Name=newdev-test] uptimedays=6 spot=N running=Y reserved=N

Hope this helps,
Pete

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...