I'm testing out Splunk for indexing Amazon CloudFront logs which get stored automatically into Amazon S3. I'm attempting to pull in via the Amazon S3 Add-on.
Yesterday, I installed splunk and the S3 addon. After processing a day or so of logs, I ran into my trial license limit. No problem, I've got enough data to get some work done. Today I'd like to get some more data into my index. Is Splunk supposed to automatically be checking for more data? Is there a way I can force it to start updating again?
Edit
This appears to be an issue with the Splunk for Amazon S3 issue. But, I still do not know how to resolve it.
INFO ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" Connecting to my-bucket.s3.amazonaws.com.
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" Traceback (most recent call last):
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" File "/Applications/splunk/etc/apps/s3/bin/s3.py", line 697, in <module>
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" run()
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" File "/Applications/splunk/etc/apps/s3/bin/s3.py", line 408, in run
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" objs = get_objs_from_bucket(key_id, secret_key, bucket, subdir)
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" File "/Applications/splunk/etc/apps/s3/bin/s3.py", line 361, in get_objs_from_bucket
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" conn = get_http_connection(key_id, secret_key, bucket, obj = None, query_string = query_string)
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" File "/Applications/splunk/etc/apps/s3/bin/s3.py", line 195, in get_http_connection
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" conn.connect()
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" File "/Applications/splunk/lib/python2.7/httplib.py", line 757, in connect
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" self.timeout, self.source_address)
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" File "/Applications/splunk/lib/python2.7/socket.py", line 553, in create_connection
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" for res in getaddrinfo(host, port, 0, SOCK_STREAM):
ERROR ExecProcessor - message from "python /Applications/splunk/etc/apps/s3/bin/s3.py" socket.gai error: [Errno 8] nodename nor servname provided, or not known
INFO ExecProcessor - Ran script: python /Applications/splunk/etc/apps/s3/bin/s3.py, took 2926.8 seconds to run, 0 bytes read, exited with code 1
... View more