Hi, i met with Splunk at the AWS conference the other week and really liked the reporting features. I was advised to go to the AWS store and launch the AMI file (which creates the EC2 instance, sets up the security group, etc.). After successfully doing that, i was then able to browse to the IP address of the newly created "splunk server". This is now where i am stuck, i need to configure inputs for services such as "cloudwatch". After reading the instructions i seem to be a little lost, the AMI created the security group for me, but the instructions say to apply the group to the EC2 instance which i am not sure how to do. So currently my dashboard shows (ZERO) for all data until i think i create some inputs. I'm hoping someone in here has worked on getting this up and running. I called support a few times, but they cannot help because i did not purchase a license, i'm using the free version? It appears you cant talk to tech support unless you're licensed, so this is my last resort in terms of help. If this question has been asked already, i apologize and ask if you can link me to the correct post. Thanks!
You can also look at this video, which has some information that might be helpful on the AWS side. While some of the info in this video is outdated, the overall flow of configuration it shows is helpful. https://www.youtube.com/watch?v=ZITShqH5z8M
Note, only pay attention to the single instance information, and in the Splunk AMI version you have, the configuration is on the Splunk Add-on for AWS (not the App for AWS).
Thank you gneumann, i found that i do not have the AWS add-on installed. I went and downloaded it, but do not know how to install the add-on. I followed the instructions here http://docs.splunk.com/Documentation/AddOns/released/Overview/SplunkLightinstall FYI i am using Splunk Light. When going to the DATA>Add-Ons, it shows an error that nothing is installed, i do not have any options to upload or install the add-ons. I cant do a screen shot because i dont have enough karma points, but here is what the error says:
Add-Ons "! Unable to fetch supported add-ons for Splunk Light. Try again at a later time. If this error persists, please contact customer support"