All Apps and Add-ons

Splunk AWS App - Instance Usage Info Not Showing Up

dpatnam
Path Finder

Hello,

I configured the Splunk AWS App. After some trial and error I am able to get the Cloud-trail logs and also the Billing info to show up. However the instance usage, the ebs volume and the ebs snapshot sections are empty. Is there any additional configuration that's needed on the app to get these sections to show up? I am also wondering if there is a way to specify a particular billing CSV file to load from the billing S3 bucket. Any help on these questions would be greatly appreciated. 

Thank you.

0 Karma

grinabms
Explorer

For the instance, volume, and EBS usage, the app writes logs into $SPLUNK_HOME/etc/apps/SplunkAppforAWS/log.

Take a look to see if you have any log data in opstmp.txt, final22.txt, ci1.txt, and ebs1.txt. These files are overwritten every time the scripts run. When the scripts are running correctly, here is a sample of the file contents:

opstmp.txt:
05-05-2014 14:29:00 +0000 subaccount=pete region=us-east-1d instanceid=i-12341234
instancetype=m1.small cpuutilization=0 networkin=118 networkout=142
05-05-2014 14:28:00 +0000 subaccount=pete region=us-east-1d instanceid=i-12341234
instancetype=m1.small cpuutilization=0 networkin=42 networkout=28

ebs1.txt:
05-05-2014 14:36:24 +0000 subaccountid=123412341234 region=us-east-1 start_time=2014-01-15T13:11:29.000Z snap_id=snap-12341234 size=35 vol_snapshot_id=vol-12341234 snap_tags=[Name=hpwin-root] stype=S
05-05-2014 14:36:24 +0000 subaccountid=123412341234 region=us-east-1 start_time=2014-03-17T18:49:04.000Z snap_id=snap-12341234 size=8 vol_snapshot_id=vol-12341234 snap_tags=[None] stype=S

ci1.txt:
05-05-2014 14:36:24 +0000 instancetype=m3.medium region=us-east-1b subaccount=pete instanceid=i-12341234 tags=[Name=webtest] uptimedays=60
05-05-2014 14:36:24 +0000 instancetype=m1.medium region=us-east-1b subaccount=pete instanceid=i-12341234 tags=[Name=abc abc-test=DC1] uptimedays=62

final22.txt:
05-05-2014 14:36:24 +0000 instancetype=m3.medium region=us-east-1b subaccount=pete instanceid=i-12341234 tags=[Name=testutm] uptimedays=6 spot=N running=Y reserved=N
05-05-2014 14:36:24 +0000 instancetype=m1.small region=us-east-1d subaccount=pete instanceid=i-12341234 tags=[Name=newdev-test] uptimedays=6 spot=N running=Y reserved=N

Hope this helps,
Pete

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...