Getting Data In

S3 App is not able to fetch logs

darshan_singh01
Path Finder

Hi ,

While integrating Splunk (via S3 app) with AWS S3 ,we are finding the below error .

A connection attempt failed because connected party did not properly respond after a period of time or connected host has failed to respond”.

We are not able to add the bucket info from Splunk Web and from config file .The environment we have is a cluster environment on Splunk 5.0.5 .Is it possible to have an issue related to Port blocking etc ?? Our environment is in AWS VPC .
Early response would be really appreciable ...

0 Karma

darshan_singh01
Path Finder

thanks ...

Could you confirm on which port S3 bucket will be connected ?

0 Karma

darshan_singh01
Path Finder

thanks ...

Could you confirm on which port S3 bucket will be connected ?

0 Karma

bsheppard_splun
Splunk Employee
Splunk Employee

I asked a colleague for suggestions. What the error indicates is that whatever reason, the Splunk add-on can't make a call to the S3 bucket. It could be a firewall or VPC configuration, or other AWS permissions. Most often, an error like that is usually is caused by something like a firewall.

One other idea. Look in the splunkd.log ($SPLUNK_HOME/var/log/splunk/splunkd.log) and see if the input had posted any additional information there. The S3 input is actually pretty simple, so there's usually not much that can go wrong other than connectivity (or a typo).

Hope these help at least narrow down your trouble shooting.

Happy Splunking,

Brett

0 Karma
Get Updates on the Splunk Community!

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

The University of Nevada, Las Vegas (UNLV) is another premier research institution helping to shape the next ...

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...