All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Amazon Web Services: How to configure an AWS Cloudtrail SQS Input on Splunk in a private network?

Venkat_16
Contributor
‎07-13-2016 05:51 AM

We have our dedicated Splunk Environment setup on AWS with Indexer and Search Head Clustering.
- Splunk App for AWS is installed on Splunk Search Head Cluster
- Splunk Add-on for Amazon Web Services is installed on a dedicated single instance server (Heavy Forwarder)

All our Splunk servers on AWS Cloud do NOT have connectivity to Internet.
They have only Private IPs - dedicated VPC/Subnet.

We are unable to configure AWS Add-On CloudTrail Input.
The SQS Queue are not getting populated on the drop-down.

What I doubt is, since we do not have connectivity to internet, the Heavy Forwarder is unable to connect to AWS API and get the required queue details, etc.
We do not want to open our AWS servers to the Internet.

For now, we have configured the AWS add-on on our on-prem Heavy Forwarder and pushing data to Indexers on AWS.
We are worrying about unnecessary data transfer between AWS API->On-Prem HF->AWS Indexers.

How do we approach this issue?

0 Karma
Reply

pchen_splunk
Splunk Employee
Splunk Employee
‎07-13-2016 05:47 PM

please refer to this: https://answers.splunk.com/answers/421913/bug-in-splunk-app-for-aws-user-unable-to-configure.html#an...

I think we should have a NAT instance in your VPC as well. Otherwise, how does addon collect cloudtrail information?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...