Hi All,
Am unable to pull logs present in my S3 server using the Splunk Add-on for Amazon Web Services.
Below are the steps briefly.
1. Install the App using the Splunk "Install App from file" option -> splunk-add-on-for-amazon-web-services_100.tgz
2. Specify the inputs.conf as per the spec. Here I have provided the details such as host_name, bucket_name, sourcetype, etc
3. Configure AWS account (Key ID/password) through the Setup Option under Apps
4. Correct the hostname part in /opt/splunk/etc/apps/Splunk_TA_aws/bin/taaws/s3util.py to point out to my hostname.
5. Restart Splunk
Pls point out what have I missed here to get the sync to kick-start? Also what are the logs that would help me propel my debugging efforts?
EDIT1: I have gone through the instructions @ http://docs.splunk.com/Documentation/AddOns/latest/AWS/Description
EDIT2: Extracts from /opt/splunk/var/log/splunk/aws_s3.log
2014-12-18 17:17:41,438 INFO pid=17856 tid=MainThread file=aws_s3.py:get_access_key_pwd_real:429 | get account name: default
2014-12-18 17:17:41,447 CRITICAL pid=17856 tid=MainThread file=aws_s3.py:get_access_key_pwd_real:434 | No AWS Account is configured.
Not sure why it goes for default account?
The same settings run fine with a standalone package boto!!
Help appreciated!
Hi, it goes for default if there's no account in the input.
The aws_account key was missing for me as part of the input.conf