Join the Conversation
- Find Answers
- :
- Splunk Products
- :
- Splunk Enterprise
- :
- Re: Unable to configure input on Splunk Enterprise...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unable to configure input on Splunk Enterprise with Splunk-Add-on for AWS
I am trying to set up Splunk Add-on for AWS to pull my logs from my AWS account into splunk. I have a Splunk Enterprise setup on prem in an AWS EC2 server. I used the Splunk Enterprise AMI. I have attached an EC2 instance role that has administrator access. When I try to configure an input, I get the error - Unexpected error "<class 'splunktaucclib.rest_handler.error.RestError'>" from python handler: "REST Error [400]: Bad Request -- An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid. Please make sure the AWS Account and Assume Role are correct.". See splunkd.log/python.log for more details.
Note: I did not add any account or IAM role manually in the Splunk UI. The IAM role was autodiscovered by Splunk, and is visible in the Account tab in the Configurations page.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@subramanianers I guess it's something to do with the IAM role attached to your EC2 instance.
you can try removing it and attach new IAM role and see if that works ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@sanjeev543 I have tried it several times. It did not work.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have also created a user with admin privileges, and configured its access id and secret key in Accounts tab in Configuration page. Even while using that account to configure an input, I am getting the same error.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am getting this error only when I try to configure input for any AWS resource using Generic S3 option
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
