×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
grahmorl
Explorer
Member since: ‎03-01-2018
‎06-05-2020
Community Statistics
Posts 5
Solutions 1
Karma Given 0
Karma Received 3
Member Since ‎03-01-2018
Activity Feed
Topics I've Started
View All

Re: Splunk Add-on for AWS Hangs

by in All Apps and Add-ons
‎04-26-2018 08:01 AM
‎04-26-2018 08:01 AM
@klaxdal - My issue was actually happening on a completely new install of Splunk and the AWS components. So nothing configured or in /local So I think my problem was a little different to yours. But many thanks for your comment. ... View more

Re: Splunk Add-on for AWS Hangs

by in All Apps and Add-ons
‎04-26-2018 07:59 AM
‎04-26-2018 07:59 AM
@deepashri_123 - Thanks for your comment. The issue was somewhat more involved and not hardware related (i.e. not a performance issue). But thank your message. ... View more

Re: Splunk Add-on for AWS Hangs

by in All Apps and Add-ons
‎04-26-2018 07:57 AM
‎04-26-2018 07:57 AM
@richgalloway - Of course. I was just waiting to my answer to be approved by the moderator. 😉 ... View more

Re: Splunk Add-on for AWS Hangs

by in All Apps and Add-ons
‎04-26-2018 05:47 AM
2 Karma
‎04-26-2018 05:47 AM
2 Karma
After a few months of back and forth with Splunk Support, we got to the root cause. The credit for this goes to the unnamed (sorry, I don't know their name) AWS Add-on developer, who the support case got escalated to. They flagged that there was a global boto configuration file (/etc/boto.cfg) which was causing a conflict with some assumed defaults which the AWS Add-on relies on. To summarise: Problem: - This problem presented as a hanging / spinning ‘Loading’ icon in the Splunk AWS Add-on Inputs and Configuration views. - A search in the _internal index for “aws ERROR” showed python stack trace error messages. - The problem appears to be configuration in the /etc/boto.cfg file. This is a global configuration file, so the settings in here are conflicting with the defaults (if there was no config file), which the Splunk AWS Add-on relies on. - The file is created due to the default installation of Google’s gcloud / gsutil command line tools. The tools are installed by default on Google Cloud Compute (GCP) hosted servers. - Our initial AWS integration testing was using GCP account to host the HFs, whilst waiting for access to a different AWS account. Solution: - You don't really want remove the /etc/boto.cfg configuration file because those servers might need these tools to access GCP services / APIs. - In addition, even if we removed it, there is the possibility that other tools could create it in the future. - Therefore the fix is to do something which will only affect Splunk. - What we did was, in the $SPLUNK_HOME/etc/splunk-launch.conf file we added the environment variable: BOTO_CONFIG=/tmp/does_not_exist - This sets the BOTO_CONFIG variable for just the Splunk process specifically to a file which doesn’t exist. - Because the files doesn’t exist, the defaults, as opposed to the global /etc/boto.cfg are used. - Therefore there is now no conflict for the Splunk AWS Add-on, which runs under the Splunk process. I hope this helps others who may be having similar issues. Or at least points them in a direction to look into. Graham. ... View more

Splunk Add-on for AWS Hangs

by in All Apps and Add-ons
‎03-01-2018 03:53 AM
1 Karma
‎03-01-2018 03:53 AM
1 Karma
Hi, I'm having issues getting the Splunk Add-on for AWS to work on a completely clean installation of Splunk. I'm using the latest version of the Add-on from Splunkbase (v4.4.0) and I've tried on both Splunk 6.6.6 and 7.0.2 The problem I'm having is that if you go to either the 'Inputs' or 'Configuration' pages, the web interface just hangs with a spinning 'Loading' icon. This is similar to this question: https://answers.splunk.com/answers/338274/splunk-app-for-aws-configuration-page-hangs.html But unfortunately there's no accepted answer for this. Looking in splunkd.log index=_internal source="/opt/splunk/var/log/splunk/splunkd.log" sourcetype=splunkd ERROR aws It appears to be a whole host of REST errors. Has anyone else come across this issue? And perhaps has a solution? Thanks. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All