Deployment Architecture

Cloud splunk-S3 bucket Failed to collect s3 data

mshruti
New Member

Hi all ,
I have configured my splunk- aws add on and aws app . But I am getting the following error in /opt/splunk/var/log/splunk/splunk_ta_aws_s3_main.log -

ERROR pid=16834 tid=MainThread file=aws_s3.py:run:132 | Failed to collect s3 data, error=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_s3.py", line 129, in run
_do_run()
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/aws_s3.py", line 100, in _do_run
asconfig.AWSS3Conf, "aws_s3", logger)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/taaws/ta_aws_common.py", line 117, in get_configs
tasks = conf.get_tasks()
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/s3_mod/aws_s3_conf.py", line 73, in get_tasks
task[asc.initial_scan_datetime])
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/s3_mod/aws_s3_conf.py", line 91, in _get_last_modified_time
scan_datetime)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/taaws/ta_aws_common.py", line 182, in parse_datetime
r = endpoint.get(time=time_str, output_time_format="%s")
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunklib/client.py", line 688, in get
**query)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunklib/binding.py", line 237, in wrapper
return request_fun(self, *args, **kwargs)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunklib/binding.py", line 61, in new_f
val = f(*args, **kwargs)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunklib/binding.py", line 582, in get
response = self.http.get(path, self._auth_headers, **query)
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunklib/binding.py", line 1053, in get
return self.request(url, { 'method': "GET", 'headers': headers })
File "/opt/splunk/etc/apps/Splunk_TA_aws/bin/splunklib/binding.py", line 1108, in request
raise HTTPError(response)
HTTPError: HTTP 400 Bad Request -- Invalid time.

I have given proper bucket policies to my s3 bucket.

Any pointers will be appreciable.

Tags (1)
0 Karma

ejenson_splunk
Splunk Employee
Splunk Employee

We are having this same issue. Was anyone able to make progress on this.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...