All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk addon for AWS: Only last message in log stream stored in Splunk

FeatureCreeep
Path Finder
‎07-09-2018 10:21 AM

I'm very new to AWS and am setting this up for the first time. I have a "CloudWatch" input for my metrics and a "CloudWatch Logs" input for my logs. The metrics feed works fine. The only problem is that the data that is stored in Splunk from the CloudWatch Logs feed is only the last message in each log stream.

Since I'm getting data, I know most of my settings are correct but something isn't right. For reference, I'm using 60 second interval.

Ideas?

0 Karma
Reply

tophercullen
Explorer
‎07-11-2018 07:36 AM

Are the log coming from lambda? could be this issue: https://answers.splunk.com/answers/671220/lambda-cloudwatch-logs-often-missing-due-to-edge-c.html?mi...

0 Karma
Reply

tophercullen
Explorer
‎07-11-2018 07:29 AM

If these logs are coming from lambda functions, it won't work. I litreally just made a post about it. https://answers.splunk.com/answers/671220/lambda-cloudwatch-logs-often-missing-due-to-edge-c.html

0 Karma
Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...