Getting Data In

Help with firehose ingestion

brent_weaver
Builder

Hello all... I am trying to use the Splunk-Trumpet project to a HEC end point with indexer ack, a valid SSL cert and internet facing. I can use curl to POST data to this endpoint with SSL enabled, so this tells me that at the most basic levels my HEC and it's associated infra is setup right.

Since this sets up an S3 bucket for backup should the firehose fail, i am able to browse that and I see the following message:

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>E1B619A2DC6BDD3F</RequestId>
<HostId>
pBxYzfWxtG+IfA77uG2ozJ3RNaEf8h4lv83lRDCJ7hmBYU4cPRMSRKk8CxNP761OjONm21jZNLM=
</HostId>
</Error>

Any help is MUCH appreciated, this is a HUGE improvement over the previous ingestion methods.

0 Karma

badrinath_itrs
Communicator

This appears to be some sort of problem with AWS Permission.

0 Karma
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...