
Splunk App and Add-on for AWS: Why are we unable to get data from a specific sub sourcetype inside AWS description?


We are not getting data from the specific sub source type inside AWS description, ELB; all other sources such as EBS are working fine. We configured it in the Splunk App for AWS through metadata. Any advice?
We are seeing this error in Splunk with this search: index=_internal ERROR sourcetype="aws:description:log"

12:09:50.518 PM 
2016-12-21 17:09:50,518 ERROR pid=5326 tid=Thread-9 | Failed to collect description data for elastic_load_balancers, error=Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/description_mod/", line 66, in index_data
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/description_mod/", line 86, in _do_index_data
    results = self._api(task)
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/description_mod/", line 59, in load_balancers
    instances = elb_conn.describe_instance_health(
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/boto/ec2/elb/", line 554, in describe_instance_health
    [('member', InstanceState)])
  File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/boto/", line 1186, in get_list
    raise self.ResponseError(response.status, response.reason, body)
BotoServerError: BotoServerError: 400 Bad Request
<ErrorResponse xmlns="">
    <Message>Rate exceeded</Message>

Splunk Employee

Which add-on version are you using? The throttling issue has been fixed in the latest version.




So we contacted Splunk support about this. Their response:
In order to rectify this, you will need to contact Amazon and discuss increasing your API call limit with them.
AWS's response:
The API limit is measured per account (all IAM users and Services) and cannot be changed. This is to protect all customers and maintain a stable environment which is fair to all customers.

See the dilemma here? You are saying: "The throttling issue has been fixed in the latest version"??



Our current add-on version is 4.1.1 and the Splunk App for AWS is 4.2.1.

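For triaging errors like the one quoted in this thread, the following added example (not part of any post, and not Splunk's or the add-on's code) groups exported aws:description:log lines into events and counts collection failures per description API, separating "Rate exceeded" throttling from other HTTP errors. The sample log is constructed from the layout of the event in the question; `example_resource`, the 403 event and all function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of the event quoted in the question.
# "example_resource" and the 403 event are made up for contrast.
SAMPLE_LOG = """\
2016-12-21 17:09:50,518 ERROR pid=5326 tid=Thread-9 | Failed to collect description data for elastic_load_balancers, error=Traceback (most recent call last):
BotoServerError: BotoServerError: 400 Bad Request
    <Message>Rate exceeded</Message>
2016-12-21 17:10:02,101 INFO pid=5326 tid=Thread-4 | constructed filler line
2016-12-21 17:14:50,733 ERROR pid=5326 tid=Thread-9 | Failed to collect description data for elastic_load_balancers, error=Traceback (most recent call last):
BotoServerError: BotoServerError: 400 Bad Request
    <Message>Rate exceeded</Message>
2016-12-21 17:15:11,040 ERROR pid=5326 tid=Thread-2 | Failed to collect description data for example_resource, error=Traceback (most recent call last):
BotoServerError: BotoServerError: 403 Forbidden
    <Message>constructed non-throttling error</Message>
"""

HEADER = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} (?P<level>[A-Z]+) ")
FAILED = re.compile(r"Failed to collect description data for (?P<api>\w+)")
STATUS = re.compile(r"BotoServerError: (?P<status>\d{3}) ")

def split_events(text):
    """Group continuation lines (traceback, XML body) under their header line."""
    events, current = [], None
    for line in text.splitlines():
        if HEADER.match(line):
            current = [line]
            events.append(current)
        elif current is not None:
            current.append(line)
    return ["\n".join(e) for e in events]

def classify(event):
    """Return (api, cause) for a collection failure event, else None."""
    head = HEADER.match(event)
    failed = FAILED.search(event)
    if not failed or head.group("level") != "ERROR":
        return None
    if "Rate exceeded" in event:
        return failed.group("api"), "throttled"
    status = STATUS.search(event)
    return failed.group("api"), "http_" + status.group("status") if status else "unknown"

def summarize(text):
    """Count failures per (description API, cause) pair."""
    return Counter(c for c in map(classify, split_events(text)) if c)
```

A resource type that appears only with cause `throttled` is being dropped by API rate limiting rather than by a permissions or configuration problem, which means that part of the inventory is missing from the index.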