S3 App is not able to fetch logs

darshan_singh01 · ‎02-03-2014

Hi ,

While integrating Splunk (via S3 app) with AWS S3 ,we are finding the below error .

A connection attempt failed because connected party did not properly respond after a period of time or connected host has failed to respond”.

We are not able to add the bucket info from Splunk Web and from config file .The environment we have is a cluster environment on Splunk 5.0.5 .Is it possible to have an issue related to Port blocking etc ?? Our environment is in AWS VPC .
Early response would be really appreciable ...

darshan_singh01 · ‎02-06-2014

thanks ...

Could you confirm on which port S3 bucket will be connected ?

darshan_singh01 · ‎02-06-2014

thanks ...

Could you confirm on which port S3 bucket will be connected ?

bsheppard_splun · ‎02-03-2014

I asked a colleague for suggestions. What the error indicates is that whatever reason, the Splunk add-on can't make a call to the S3 bucket. It could be a firewall or VPC configuration, or other AWS permissions. Most often, an error like that is usually is caused by something like a firewall.

One other idea. Look in the splunkd.log ($SPLUNK_HOME/var/log/splunk/splunkd.log) and see if the input had posted any additional information there. The S3 input is actually pretty simple, so there's usually not much that can go wrong other than connectivity (or a typo).

Hope these help at least narrow down your trouble shooting.

Happy Splunking,

Brett

S3 App is not able to fetch logs

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout