All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

splunk app for aws: aws_vpc_flow_logs not storing data.

jarrell
Explorer
‎03-23-2020 04:00 PM

I'm trying to use the VPC security dashboards in splunk app for aws. They end up blank, with zeros for totals. I edited it to see the searches, and saw the error that aws_vpc_flow_logs either didn't exist or was empty. Well, if I search on that index there certainly seems to be nothing in it.

I see it's built by 3 saved searches, that do a bunch of calculations on the raw flow data, which does exist in my aws index, and then does a | collect into aws_vpc_flow_logs. I can run those saved searches and get pages of data, but nothing ever ends up in the aws_vpc_flow_logs index, and I don't get an error anywhere I can find.

Any idea why the collect wouldn't, well, collect?

Reply
Get Updates on the Splunk Community!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud? Learn how unique features like ...
Top