All Apps and Add-ons

Splunk App and Add-on for AWS: Why are we unable to get data from a specific sub sourcetype inside AWS description?

jmajumdar
Explorer

We are not getting data from the specific sub source type inside AWS description -- ELB , all other sources such as EBS is working fine. We configured it in Splunk App for AWS thru metadata. Any Advice.
We are seeing this error in Splunk with this search : index=_internal ERROR sourcetype="aws:description:log"

12/21/16
12:09:50.518 PM 
2016-12-21 17:09:50,518 ERROR pid=5326 tid=Thread-9 file=aws_description_data_loader.py:index_data:69 | Failed to collect description data for elastic_load_balancers, error=Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/description_mod/aws_description_data_loader.py", line 66, in index_data
    self._do_index_data()
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/description_mod/aws_description_data_loader.py", line 86, in _do_index_data
    results = self._api(task)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/description_mod/elb_description.py", line 59, in load_balancers
    instances = elb_conn.describe_instance_health(elb.name)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/boto/ec2/elb/__init__.py", line 554, in describe_instance_health
    [('member', InstanceState)])
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/boto/connection.py", line 1186, in get_list
    raise self.ResponseError(response.status, response.reason, body)
BotoServerError: BotoServerError: 400 Bad Request
ErrorResponse xmlns="http://elasticloadbalancing.amazonaws.com/doc/2012-06-01/">
  Error>
    type>Sender</Type>
    Code>Throttling</Code>
    Message>Rate exceeded</Message>
  /Error>
  RequestId>48643482-c7a0-11e6-b950-0b60a6e6017b
/ErrorResponse>
Collapse
0 Karma

pchen_splunk
Splunk Employee
Splunk Employee

Which Addon version are you using? The Throttling issue has been fixed in the latest version.

0 Karma

jmajumdar
Explorer

@pchen

So we contacted splunk support for this, their respond:
In order to rectify this, you will need to contact Amazon and discuss increasing your API call limit with them.
AWS respond:
The API limit is measured per account (all IAM users and Services) and cannot be changed. This is to protect all customers and maintain a stable environment which is fair to all customers

See the dilemma here , you are saying : The Throttling issue has been fixed in the latest version ??

0 Karma

jmajumdar
Explorer

Our current Add -on version is 4.1.1 and Splunk app aws is 4.2.1 .

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...