Splunk AWS App - Instance Usage Info Not Showing Up

dpatnam
Path Finder

Hello,

I configured the Splunk AWS App. After some trial and error, I am able to get the CloudTrail logs and also the billing info to show up. However, the instance usage, the EBS volume and the EBS snapshot sections are empty. Is there any additional configuration that's needed on the app to get these sections to show up? I am also wondering if there is a way to specify a particular billing CSV file to load from the billing S3 bucket. Any help on these questions would be greatly appreciated.

Thank you.

0 Karma

grinabms
Explorer

For the instance, volume, and EBS usage, the app writes logs into $SPLUNK_HOME/etc/apps/SplunkAppforAWS/log.

Take a look to see if you have any log data in opstmp.txt, final22.txt, ci1.txt, and ebs1.txt. These files are overwritten every time the scripts run. When the scripts are running correctly, here is a sample of the file contents:

opstmp.txt:
05-05-2014 14:29:00 +0000 subaccount=pete region=us-east-1d instanceid=i-12341234
instancetype=m1.small cpuutilization=0 networkin=118 networkout=142
05-05-2014 14:28:00 +0000 subaccount=pete region=us-east-1d instanceid=i-12341234
instancetype=m1.small cpuutilization=0 networkin=42 networkout=28

ebs1.txt:
05-05-2014 14:36:24 +0000 subaccountid=123412341234 region=us-east-1 start_time=2014-01-15T13:11:29.000Z snap_id=snap-12341234 size=35 vol_snapshot_id=vol-12341234 snap_tags=[Name=hpwin-root] stype=S
05-05-2014 14:36:24 +0000 subaccountid=123412341234 region=us-east-1 start_time=2014-03-17T18:49:04.000Z snap_id=snap-12341234 size=8 vol_snapshot_id=vol-12341234 snap_tags=[None] stype=S

ci1.txt:
05-05-2014 14:36:24 +0000 instancetype=m3.medium region=us-east-1b subaccount=pete instanceid=i-12341234 tags=[Name=webtest] uptimedays=60
05-05-2014 14:36:24 +0000 instancetype=m1.medium region=us-east-1b subaccount=pete instanceid=i-12341234 tags=[Name=abc abc-test=DC1] uptimedays=62

final22.txt:
05-05-2014 14:36:24 +0000 instancetype=m3.medium region=us-east-1b subaccount=pete instanceid=i-12341234 tags=[Name=testutm] uptimedays=6 spot=N running=Y reserved=N
05-05-2014 14:36:24 +0000 instancetype=m1.small region=us-east-1d subaccount=pete instanceid=i-12341234 tags=[Name=newdev-test] uptimedays=6 spot=N running=Y reserved=N

Hope this helps,
Pete

0 Karma
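
The check described in the answer above can be scripted. This is an added example, not part of the original post or the app's own code: it reports, for each of the four files, whether it is missing, has no events, or lacks fields. The expected field names are assumed from the sample lines in the answer, and events wrapped across two lines (as in the opstmp.txt sample) are rejoined.

```python
import re
import sys
from pathlib import Path

# Field names copied from the sample lines in the answer above; treat them as
# an assumption about the app's output, not a documented schema.
EXPECTED = {
    "opstmp.txt": {"subaccount", "region", "instanceid", "instancetype",
                   "cpuutilization", "networkin", "networkout"},
    "ebs1.txt": {"subaccountid", "region", "start_time", "snap_id", "size",
                 "vol_snapshot_id", "snap_tags", "stype"},
    "ci1.txt": {"instancetype", "region", "subaccount", "instanceid", "tags", "uptimedays"},
    "final22.txt": {"instancetype", "region", "subaccount", "instanceid",
                    "tags", "uptimedays", "spot", "running", "reserved"},
}
TS = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2} [+-]\d{4})\s*(.*)$")
# A value is either a bracketed list (which may contain spaces) or one token.
KV = re.compile(r"(\w+)=(\[[^\]]*\]|\S+)")

def parse_events(text):
    """One dict per event; a line without a timestamp continues the previous event."""
    raw = []
    for line in (l.strip() for l in text.splitlines()):
        m = TS.match(line)
        if m:
            raw.append([m.group(1), m.group(2)])
        elif line and raw:
            raw[-1][1] += " " + line
    return [{"_time": ts, **dict(KV.findall(body))} for ts, body in raw]

def check_log_dir(log_dir):
    """Map each expected file to 'missing', 'no events', 'ok (N events)' or the fields it lacks."""
    report = {}
    for name, fields in EXPECTED.items():
        path = Path(log_dir) / name
        events = parse_events(path.read_text(errors="replace")) if path.is_file() else None
        lacking = sorted({f for ev in events or [] for f in fields - set(ev)})
        if events is None:
            report[name] = "missing"
        elif not events:
            report[name] = "no events"
        elif lacking:
            report[name] = "missing fields: " + ", ".join(lacking)
        else:
            report[name] = f"ok ({len(events)} events)"
    return report

if __name__ == "__main__":
    # Argument: the app's log directory, $SPLUNK_HOME/etc/apps/SplunkAppforAWS/log
    for name, status in check_log_dir(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{name}: {status}")
```

Because the files are overwritten on every script run, a "no events" or "missing" result reflects only the most recent run.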