Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

CloudTrail data not showing in Splunk

alanwill
Explorer
‎12-02-2013 09:55 AM

I'm using Splunk 6 with the Splunk for AWS app and trying to configure it to show CloudTrail data. I've created the SNS topic and SQS queue and can see messages in the queue but nothing is coming over to the Splunk index. The CloudTrail Log input is created, the keys are for an IAM user that has full describe access on the entire account, and I've tried entering the queue name both as the canonical name and the full arn.

Any idea what I'm missing or why this still isn't working?

Thanks,
alan

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

nkhetia
Path Finder
‎12-02-2013 05:08 PM

This issue has been resolved. IAM user didn't have enough permission to fetch data.

Allan, Could you resolve this question ?

thanks
Nilesh

View solution in original post

0 Karma
Reply
Solved! Jump to solution

alanwill
Explorer
‎12-02-2013 05:36 PM

Yes, it's resolved now. I was also able to figure out a more limiting ACL for the access keys rather than the Power User policy. You can limit access to just the queue created in SQS as follows:

{
"Version": "2012-10-17",
"Statement":[{
"Effect":"Allow",
"Action":"sqs:*",
"Resource":"arn:aws:sqs:us-east-1::"
}
]

}

0 Karma
Reply
Solved! Jump to solution
Solution

nkhetia
Path Finder
‎12-02-2013 05:08 PM

This issue has been resolved. IAM user didn't have enough permission to fetch data.

Allan, Could you resolve this question ?

thanks
Nilesh

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...