Activity Feed
- Posted Re: Bug in Splunk App for AWS: User unable to configure a CloudTrail input on All Apps and Add-ons. 06-27-2016 08:03 PM
- Posted Re: Bug in Splunk App for AWS: User unable to configure a CloudTrail input on All Apps and Add-ons. 06-27-2016 05:48 PM
- Posted Bug in Splunk App for AWS: User unable to configure a CloudTrail input on All Apps and Add-ons. 06-27-2016 05:22 PM
06-27-2016 08:03 PM
That's a better code snippet! Hope nobody else ran into this, took me forever to debug!
06-27-2016 05:48 PM
I haven't filed a ticket as I'm on a Developer License and do not have a support account. I figured this was the best place to post it given the circumstances.
06-27-2016 05:22 PM
Hi Splunk Answers, this isn't a question per se; however, I think it will help people who might find this via Google.
I found a bug in the Splunk App for AWS that results in a user being unable to configure a CloudTrail input to ingest data from AWS CloudTrail. Even if a user has successfully set up their chain of AWS services (CloudTrail > S3 > SNS > SQS), the config form does not auto-populate the names of the existing Simple Queues that fit the app's criteria. I found this to be due to a bug in the code governing which queues populate this drop-down.
The file in question is $AWS_APP_ROOT/bin/aws/aws_utils.py in the function get_sqs_of_topics() on line 128.
The relevant excerpt of the get_sqs_topics function from the app's original code is as follows:
```python
# match queues
sqs = set()
for subscription in subscriptions:
    if subscription['Protocol'] == 'sqs':
        topic_name = extract_name_from_arn(subscription['TopicArn'])
        if topic_name in topics:
            sqs.add((extract_name_from_arn(subscription['Endpoint']), subscription['Endpoint']))
return sqs
```
The fix is below:
```python
# match queues
sqs = set()
for subscription in subscriptions:
    if subscription['Protocol'] == 'sqs':
        # FIX IS BELOW
        topic_name = subscription['TopicArn']
        # FIX IS ABOVE
        if topic_name in topics:
            sqs.add((extract_name_from_arn(subscription['Endpoint']), subscription['Endpoint']))
return sqs
```
In a nutshell, the original code is extracting a portion of an ARN and then attempting to use the excerpt to do an exact string match to a full ARN, which doesn't work. To fix this, I modified it to simply not extract the "name" from the ARN and to simply use the full ARN to perform the string match.
Hope this helps someone, and I hope that the Splunk Product guys see this and implement a fix!
Best,
Conner Swann
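A stand-alone reproduction of the mismatch described in the post above, as an added example that is not part of the original post or the app's code. It assumes `topics` holds full SNS topic ARNs (as the post describes) and that `extract_name_from_arn` returns the last colon-separated ARN field; the function names `match_original` and `match_fixed`, the ARNs and the account ID are constructed for illustration.

```python
def extract_name_from_arn(arn):
    # Assumption: the app's helper returns the last colon-separated ARN field.
    return arn.rsplit(":", 1)[-1]


def match_original(subscriptions, topics):
    # Logic of the original excerpt: a short topic name is tested against full ARNs.
    sqs = set()
    for sub in subscriptions:
        if sub["Protocol"] == "sqs":
            topic_name = extract_name_from_arn(sub["TopicArn"])
            if topic_name in topics:
                sqs.add((extract_name_from_arn(sub["Endpoint"]), sub["Endpoint"]))
    return sqs


def match_fixed(subscriptions, topics):
    # Logic of the posted fix: the full topic ARN is tested against full ARNs.
    sqs = set()
    for sub in subscriptions:
        if sub["Protocol"] == "sqs":
            if sub["TopicArn"] in topics:
                sqs.add((extract_name_from_arn(sub["Endpoint"]), sub["Endpoint"]))
    return sqs


# Constructed sample data (not real AWS resources).
TOPIC = "arn:aws:sns:us-east-1:111111111111:cloudtrail-topic"
TOPICS = {TOPIC}
SUBSCRIPTIONS = [
    # The queue the CloudTrail input form should offer.
    {"Protocol": "sqs", "TopicArn": TOPIC,
     "Endpoint": "arn:aws:sqs:us-east-1:111111111111:cloudtrail-queue"},
    # Non-SQS subscription on the same topic: skipped by both versions.
    {"Protocol": "email", "TopicArn": TOPIC, "Endpoint": "ops@example.com"},
    # Same topic name in another region: a full-ARN match keeps it out,
    # whereas comparing short names on both sides would not distinguish it.
    {"Protocol": "sqs",
     "TopicArn": "arn:aws:sns:us-west-2:111111111111:cloudtrail-topic",
     "Endpoint": "arn:aws:sqs:us-west-2:111111111111:other-queue"},
]

if __name__ == "__main__":
    print("original:", match_original(SUBSCRIPTIONS, TOPICS))
    print("fixed:   ", match_fixed(SUBSCRIPTIONS, TOPICS))
```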