This is in regards to the Splunk ADD On for AWS:
Immediately after downloading and configuring to connect to our AWS Account, I receive this error immediately when using the Splunk AWS Add-on Dashboard:
The search for datamodel 'CloudFront_Access_Log' failed to parse, cannot get indexes to search
Not sure if it was a permissions issue so I set the permissions on the datamodel to global but it didn't help. I've read somewhere someone had a similar problem and was resolved by "expanding the datamodel macros". Could this help in this case and if so, where should I go to do this?
Any thoughts?
Thanks!
AlexW
... View more