Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Help with firehose ingestion

brent_weaver
Builder
‎12-23-2019 10:16 AM

Hello all... I am trying to use the Splunk-Trumpet project to a HEC end point with indexer ack, a valid SSL cert and internet facing. I can use curl to POST data to this endpoint with SSL enabled, so this tells me that at the most basic levels my HEC and it's associated infra is setup right.

Since this sets up an S3 bucket for backup should the firehose fail, i am able to browse that and I see the following message:

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>E1B619A2DC6BDD3F</RequestId>
<HostId>
pBxYzfWxtG+IfA77uG2ozJ3RNaEf8h4lv83lRDCJ7hmBYU4cPRMSRKk8CxNP761OjONm21jZNLM=
</HostId>
</Error>

Any help is MUCH appreciated, this is a HUGE improvement over the previous ingestion methods.

0 Karma
Reply

badrinath_itrs
Communicator
‎12-23-2019 04:44 PM

This appears to be some sort of problem with AWS Permission.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...