I'm trying to follow these instructions on the blog but failing miserably: http://blogs.splunk.com/2014/09/14/splunking-heroku/
I have configured my index to receive data via port 9997 and have set a syslog drain on Heroku pointing to my indexers AWS public IP: syslog://:9997
My indexer sits on an AWS EC2 instance. Security groups allow for inbound traffic on 9997.
Looking at the instructions it reads:
Using AWS? When you use EC2 security
groups, the hostname used when you add
the drain must resolve to the 10/8
private IP address of your instance
(which must be in the us-east Amazon
region). If you use the EC2 public IP
address, or a name that resolves to
the public IP address, then logplex
will not be able to connect to your
drain.
But how can I get the 10/8 private IP of my instance?
Have you implemented any custom config on your instance. If you have installed default Splunk will bind to 0.0.0.0 (all available IPs).
I suspect there could be some conflict on the port. What if you try "data inputs" > "new" > "tcp" > "port:514"?
Have you implemented any custom config on your instance. If you have installed default Splunk will bind to 0.0.0.0 (all available IPs).
I suspect there could be some conflict on the port. What if you try "data inputs" > "new" > "tcp" > "port:514"?