All Apps and Add-ons

Splunk App for AWS: How to monitor AWS snapshots and trigger an alert if there is no activity?

chrisprangnell
Path Finder

I want to create an AWS app alert

Pretty much as basic as this..

If no snapshots between this time and this time, send alert

pchen_splunk
Splunk Employee
Splunk Employee

You can search for snapshot events from " aws-config-index sourcetype="aws:config" ". In alert page, you can define interval and threshold to trigger the alert.

0 Karma

colbymahan
Explorer

I downvoted this post because it does not work due to inability to filter by aws start_time. the date time format is screwy and it collects all events rather than ones in the time range selected. thus i have 50ish historical events every hour instead of the 1 or 2 i am looking for that actually occured in the past hour.

0 Karma

colbymahan
Explorer

If there is a way to convert the timestamp on the event to reflect the start_time that AWS uses, that would probably solve the issue. I cannot find info on how to do this.

0 Karma

pchen_splunk
Splunk Employee
Splunk Employee

I don't understand your question. You aim to tigger alert if there is no snapshot for a while, do you? If it is, just use search " aws-config-index sourcetype="aws:config" ", and edit conditions in the alert dialog.

0 Karma

colbymahan
Explorer

The problem I am having is that ALL events come through every time, including from months ago, and are time-stamped by splunk as occurring at time of search. The start_time value is extracted, but as a regular value and the format is very strange ( start_time: 2016-03-19T07:01:05.000Z ) making it difficult to trigger for an event or lack of an event in a defined time range, like last 4 hours. Any tips on how to do this?

0 Karma
Get Updates on the Splunk Community!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...