Getting Data In

AWS SQS Logs not ingested by Splunk Enterprise

sbmsplunk
Observer

I've deployed  an architecture with a centralized s3 bucket that forwards AWS logs to an SQS queue. In Splunk side, I have an enterprise edition, already installed the Splunk Add-ons for AWS, set the input as Custom>SQS and Configurations as follows:

- account number, access keys

- IAM role with assume role permissions.

I stil can't get logs in Splunk, any guidance for trouble-shooting? Also, is it possible to share a reference example of SQS access policies?

 

Thanks

0 Karma
Get Updates on the Splunk Community!

ATTENTION!! We’re MOVING (not really)

Hey, all! In an effort to keep this Slack workspace secure and also to make our new members' experience easy, ...

Splunk Admins: Build a Smarter Stack with These Must-See .conf25 Sessions

  Whether you're running a complex Splunk deployment or just getting your bearings as a new admin, .conf25 ...

AppDynamics Summer Webinars

This summer, our mighty AppDynamics team is cooking up some delicious content on YouTube Live to satiate your ...