I'm trying to configure my splunk cloud server to use Splunk for AWS.
I followed this tutorial : http://docs.splunk.com/Documentation/AddOns/latest/AWS/Description
Unfortunately, no information are gathered by splunk, and I don't know what is wrong.
How can I troubleshooting this add-on?
How can I find some logs, or something like that?
troubleshooting guidance begins here: http://docs.splunk.com/Documentation/AddOns/latest/AWS/Troubleshooting
The first item is a link to generic troubleshooting guidance, which will probably be most useful in this case: http://docs.splunk.com/Documentation/AddOns/released/Overview/Troubleshootadd-ons
The top search in that table could be modified to
index = _internal source=*aws_cloudwatch*
View solution in original post
Thank you for your answer.
I modified the destination index for my sources and now it's works, I got some events gattered by splunk.
But, when I try to do a search, I got this error :
AWSFailed to find a valid configuration for multikv stanza = 'tsv_cloudwatch
I found a solution here : http://answers.splunk.com/answers/226899/why-am-i-getting-error-awsfailed-to-find-a-valid-c.html#ans...
But I don't know how to change this value on the Splink Cloud Server.
Can you help me ?
disabling the stanza as recommended is one option, or making sure the config can be found so the stanza works as intended is another. In both cases, on Cloud you should chat with the cloud ops team through a ticket.