cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
georgec24
Observer
Member since: ‎02-17-2021
‎05-28-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-17-2021
Activity Feed
View All

Splunk Add-on for AWS error: Not data collection t...

by in All Apps and Add-ons
‎02-17-2021 05:35 AM
‎02-17-2021 05:35 AM
Hello, I have an Enterprise instance in an EC2 instance (all in one box, free trial) and trying to get CloudTrail logs to it using the "Splunk Add-on for AWS" (S3 Bucket > Event Notification > SNS > SQS > EC2 Instance with IAM Role ). In the logs from _internal I see that the files are picked up from S3 (   message= " Wrote   data   to   STDOUT   success . ",  message= " Sent   data   for   indexing . ",   message= " Delete   SQS   message " etc. ) but then I get only these messages:   message= " No   data   input   has   been   configured ,  exiting... " and   message= " Not   data   collection   tasks   for   aws_description   is   discovered.   Doing   nothing   and   quitting   the   TA. ". The CloudTrail logs do not show up in main indexer or anywhere else so everything is lost somewhere after this << message= " Sent   data   for   indexing . ">> Again, everything is in one box in EC2 (Splunk Enterprise free trial). If anyone has a solution to this, it would be greatly appreciated, thanks! ... View more
Labels

Re: Splunk App for AWS: How to resolve error "Data...

by in All Apps and Add-ons
‎02-17-2021 05:31 AM
‎02-17-2021 05:31 AM
Hello, has anyone figured out this issue? I face something similar. I have an Enterprise instance in an EC2 instance (all in one box, free trial) and trying to get CloudTrail logs to it using the "Splunk Add-on for AWS" (S3 Bucket > Event Notification > SNS > SQS > EC2 Instance with IAM Role ). In the logs from _internal I see that the files are picked up from S3 ( message= " Wrote data to STDOUT success . ",  message= " Sent data for indexing . ",  message= " Delete SQS message " etc. ) but then I get only these messages:  message= " No data input has been configured , exiting... " and  message= " Not data collection tasks for aws_description is discovered. Doing nothing and quitting the TA. ". The CloudTrail logs do not show up in main indexer or anywhere else so everything is lost somewhere after this << message= " Sent data for indexing . ">> Again, everything is in one box in EC2 (Splunk Enterprise free trial). If anyone has a solution to this, it would be greatly appreciated, thanks! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-28-2021 08:27 AM