×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
blehnhar
New Member
Member since: ‎08-07-2017
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎08-07-2017
View All

Re: Splunk App for AWS: How to configure the app w...

by in All Apps and Add-ons
‎08-14-2017 09:02 AM
‎08-14-2017 09:02 AM
It seems like adding multiple accounts GREATLY increases cpu usage. Additional accounts seems to slow splunk web down considerably. I spun up a c4.2xlarge in AWS and The cpu is at almost 90% with 7 accounts added with cloudtrail inputs for each account. This is sort of frustrating. I'm thinking my only other option is to just configure an s3 input for splunk. I would think I'd be able to pull in more accounts than this. ... View more

Splunk App for AWS: How to configure the app with ...

by in All Apps and Add-ons
‎08-07-2017 01:00 PM
‎08-07-2017 01:00 PM
I have cloudtrail logs for around 20 AWS accounts that I want to pull into Splunk. I'm using Splunk Web. The way I'm doing this is to create a single bucket to store the cloudtrail logs and then a separate trail, sns topic, and sqs queue for each region in each account. In Splunk, I create an input for each account and then add the sqs queue for each region to the input. That way I pull in separate SQS queues but they are still under one input. In total, I'll have around 20 inputs for AWS if I do it this way. Should be this be fine in Splunk Web? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM