Splunk Enterprise

How to configure inputs for Cloudwatch

ThePublic
New Member

Hi, I met with Splunk at the AWS conference the other week and really liked the reporting features. I was advised to go to the AWS store and launch the AMI file (which creates the EC2 instance, sets up the security group, etc.). After successfully doing that, I was then able to browse to the IP address of the newly created "splunk server". This is now where I am stuck: I need to configure inputs for services such as "cloudwatch". After reading the instructions I seem to be a little lost. The AMI created the security group for me, but the instructions say to apply the group to the EC2 instance, which I am not sure how to do. So currently my dashboard shows (ZERO) for all data until, I think, I create some inputs. I'm hoping someone in here has worked on getting this up and running. I called support a few times, but they cannot help because I did not purchase a license, I'm using the free version? It appears you can't talk to tech support unless you're licensed, so this is my last resort in terms of help. If this question has been asked already, I apologize and ask if you can link me to the correct post. Thanks!

0 Karma

gneumann_splunk
Splunk Employee

You can also look at this video, which has some information that might be helpful on the AWS side. While some of the info in this video is outdated, the overall flow of configuration it shows is helpful. https://www.youtube.com/watch?v=ZITShqH5z8M

Note, only pay attention to the single instance information, and in the Splunk AMI version you have, the configuration is on the Splunk Add-on for AWS (not the App for AWS).

0 Karma

ThePublic
New Member

Thank you gneumann, I found that I do not have the AWS add-on installed. I went and downloaded it, but do not know how to install the add-on. I followed the instructions here http://docs.splunk.com/Documentation/AddOns/released/Overview/SplunkLightinstall (FYI, I am using Splunk Light). When going to DATA>Add-Ons, it shows an error that nothing is installed, and I do not have any options to upload or install the add-ons. I can't do a screenshot because I don't have enough karma points, but here is what the error says:

Add-Ons "! Unable to fetch supported add-ons for Splunk Light. Try again at a later time. If this error persists, please contact customer support"

Thanks

0 Karma

gneumann_splunk
Splunk Employee

This is a bit confusing. Can you email me at gneumann@splunk.com and I can help you get on the right path. Thanks!

0 Karma

gneumann_splunk
Splunk Employee

Possibly you can look at our Splunk Add-on for AWS documentation, which has information about configuring inputs. See http://docs.splunk.com/Documentation/AddOns/released/AWS/CloudWatchLogs

0 Karma